diff options
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 29 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 17 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/add_cred.c | 16 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/disp_name.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5seal.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 10 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/util_cksum.c | 25 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/util_crypt.c | 4 |
9 files changed, 72 insertions, 41 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 0d57d5cfc7..8a9c96b734 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,32 @@ +2001-06-22 Danilo Almeida <dalmeida@mit.edu> + + * util_crypt.c (kg_encrypt, kg_decrypt): Use free() instead of + krb5_free_data_contents(). + + * util_cksum.c (kg_checksum_channel_bindings): Make sure that + returned memory is allocated with xmalloc() so that caller can use + xfree() on it. + + * k5unseal.c (kg_unseal_v1): Use krb5_free_data_contents() + instead of xfree(). + + * k5seal.c (make_seal_token_v1): Use krb5_free_data_contents() + instead of xfree(). + + * init_sec_context.c (make_ap_req_v1): Use xfree() instead of + free() to be consistent with xmalloc() usage. Use + krb5_free_data_contents() instead of xfree(). + + * disp_name.c (krb5_gss_display_name): Use + krb5_free_unparsed_name() instead of xfree(). + + * add_cred.c (krb5_gss_add_cred): Use xfree() instead of free() to + be consistent with xmalloc() usage. + + * accept_sec_context.c (krb5_gss_accept_sec_context): Remove + variables that were effectively unused. Use + krb5_free_data_contents() instead of xfree() where appropriate. + 2001-06-20 Ezra Peisach <epeisach@mit.edu> * acquire_cred.c (acquire_init_cred): Include "k5-int.h" for diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 88fa7dbc8c..d7325d5e28 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -191,7 +191,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, size_t md5len; int bigend; krb5_gss_cred_id_t cred = 0; - krb5_data ap_rep, ap_req, mic; + krb5_data ap_rep, ap_req; int i; krb5_error_code code; krb5_address addr, *paddr; @@ -206,14 +206,13 @@ krb5_gss_accept_sec_context(minor_status, context_handle, krb5_auth_context auth_context = NULL; krb5_ticket * ticket = NULL; int option_id; - krb5_data option, cksumdata; + krb5_data option; const gss_OID_desc *mech_used = NULL; OM_uint32 major_status = GSS_S_FAILURE; krb5_error krb_error_data; krb5_data scratch; gss_cred_id_t cred_handle = NULL; krb5_gss_cred_id_t deleg_cred = NULL; - krb5_cksumtype *ctypes = 0; if (GSS_ERROR(kg_get_context(minor_status, &context))) return(GSS_S_FAILURE); @@ -226,10 +225,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle, output_token->value = NULL; token.value = 0; reqcksum.contents = 0; - mic.data = 0; ap_req.data = 0; ap_rep.data = 0; - cksumdata.data = 0; if (mech_type) *mech_type = GSS_C_NULL_OID; @@ -738,8 +735,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle, major_status = GSS_S_COMPLETE; fail: - if (ctypes) - free(ctypes); if (authdat) krb5_free_authenticator(context, authdat); /* The ctx structure has the handle of the auth_context */ @@ -750,11 +745,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, if (reqcksum.contents) xfree(reqcksum.contents); if (ap_rep.data) - xfree(ap_rep.data); - if (mic.data) - xfree(mic.data); - if (cksumdata.data) - xfree(cksumdata.data); + krb5_free_data_contents(context, &ap_rep); if (!GSS_ERROR(major_status)) return(major_status); @@ -830,7 +821,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, g_make_token_header((gss_OID) mech_used, tmsglen, &ptr, toktype); TWRITE_STR(ptr, scratch.data, scratch.length); - xfree(scratch.data); + krb5_free_data_contents(context, &scratch); *output_token = token; } diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c index 5cc1784870..ab393ee29a 100644 --- a/src/lib/gssapi/krb5/add_cred.c +++ b/src/lib/gssapi/krb5/add_cred.c @@ -184,7 +184,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, code = krb5_copy_principal(context, cred->princ, &new_cred->princ); if (code) { - free(new_cred); + xfree(new_cred); *minor_status = code; return(GSS_S_FAILURE); @@ -194,7 +194,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, kttype = krb5_kt_get_type(context, cred->keytab); if ((strlen(kttype)+2) > sizeof(ktboth)) { krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = ENOMEM; return(GSS_S_FAILURE); @@ -209,7 +209,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, sizeof(ktboth)-strlen(ktboth)); if (code) { krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = code; return(GSS_S_FAILURE); @@ -218,7 +218,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, code = krb5_kt_resolve(context, ktboth, &new_cred->keytab); if (code) { krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = code; return(GSS_S_FAILURE); @@ -235,7 +235,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = code; return(GSS_S_FAILURE); @@ -254,7 +254,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = ENOMEM; return(GSS_S_FAILURE); @@ -272,7 +272,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = code; return(GSS_S_FAILURE); @@ -291,7 +291,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if (new_cred->keytab) krb5_kt_close(context, new_cred->keytab); krb5_free_principal(context, new_cred->princ); - free(new_cred); + xfree(new_cred); *minor_status = (OM_uint32) G_VALIDATE_FAILED; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c index b7e183048e..ba01fd4ea7 100644 --- a/src/lib/gssapi/krb5/disp_name.c +++ b/src/lib/gssapi/krb5/disp_name.c @@ -52,13 +52,13 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer, } if (! g_make_string_buffer(str, output_name_buffer)) { - xfree(str); + krb5_free_unparsed_name(context, str); *minor_status = (OM_uint32) G_BUFFER_ALLOC; return(GSS_S_FAILURE); } - xfree(str); + krb5_free_unparsed_name(context, str); *minor_status = 0; if (output_name_type) diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 3fb392e777..a39372ff0d 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -319,9 +319,9 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) cleanup: if (checksum_data.data) - free(checksum_data.data); + xfree(checksum_data.data); if (ap_req.data) - xfree(ap_req.data); + krb5_free_data_contents(context, &ap_req); return (code); } diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 913802a057..9c718f0731 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -274,7 +274,7 @@ make_seal_token_v1 (krb5_context context, (g_OID_equal(oid, gss_mech_krb5_old) ? seq->contents : NULL), md5cksum.contents, md5cksum.contents, 16))) { - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); xfree(t); return code; } @@ -296,7 +296,7 @@ make_seal_token_v1 (krb5_context context, break; } - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); /* create the seq_num */ diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index af059609e4..8d77c40245 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -264,7 +264,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? ctx->seq->contents : NULL), md5cksum.contents, md5cksum.contents, 16))) { - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); if (toktype == KG_TOK_SEAL_MSG) xfree(token.value); *minor_status = code; @@ -283,7 +283,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, case SGN_ALG_MD2_5: if (!ctx->seed_init && (code = kg_make_seed(context, ctx->subkey, ctx->seed))) { - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); if (sealalg != 0xffff) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) @@ -295,7 +295,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if (! (data_ptr = (void *) xmalloc(sizeof(ctx->seed) + 8 + (ctx->big_endian ? token.length : plainlen)))) { - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); if (sealalg == 0) xfree(plain); if (toktype == KG_TOK_SEAL_MSG) @@ -314,7 +314,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, plaind.length = 8 + sizeof(ctx->seed) + (ctx->big_endian ? token.length : plainlen); plaind.data = data_ptr; - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); code = krb5_c_make_checksum(context, md5cksum.checksum_type, ctx->seq, KG_USAGE_SIGN, &plaind, &md5cksum); @@ -376,7 +376,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, break; } - xfree(md5cksum.contents); + krb5_free_checksum_contents(context, &md5cksum); if (sealalg != 0xffff) xfree(plain); diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c index 316f41beef..235d749473 100644 --- a/src/lib/gssapi/krb5/util_cksum.c +++ b/src/lib/gssapi/krb5/util_cksum.c @@ -34,10 +34,12 @@ kg_checksum_channel_bindings(context, cb, cksum, bigend) int bigend; { size_t len; - char *buf, *ptr; + char *buf = 0; + char *ptr; size_t sumlen; krb5_data plaind; krb5_error_code code; + void *temp; /* initialize the the cksum */ code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen); @@ -85,13 +87,22 @@ kg_checksum_channel_bindings(context, cb, cksum, bigend) code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0, &plaind, cksum); - if (code) { - xfree(buf); - return(code); + if (code) + goto cleanup; + + if ((temp = xmalloc(cksum->length)) == NULL) { + krb5_free_checksum_contents(context, cksum); + code = ENOMEM; + goto cleanup; } - /* success */ + memcpy(temp, cksum->contents, cksum->length); + krb5_free_checksum_contents(context, cksum); + cksum->contents = (krb5_octet *)temp; - xfree(buf); - return(0); + /* success */ + cleanup: + if (buf) + xfree(buf); + return code; } diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index 5f150c0a1d..a08b919828 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -141,7 +141,7 @@ kg_encrypt(context, key, usage, iv, in, out, length) code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd); if (pivd != NULL) - krb5_free_data_contents(context, pivd); + free(pivd->data); return code; } @@ -186,6 +186,6 @@ kg_decrypt(context, key, usage, iv, in, out, length) code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd); if (pivd != NULL) - krb5_free_data_contents(context, pivd); + free(pivd->data); return code; } |