From 56d733f6d69e145693258b5e10a02554e4e68f77 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 13 Jun 2003 21:43:07 +0000 Subject: libgss leaks, UMRs * init_sec_context.c (krb5_gss_init_sec_context): Free default_enctypes to avoid leaking returned value from krb5_get_tgs_ktypes. * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if token.length == 0, to avoid spurious uninitialized memory references when calling memcpy() with a zero length. ticket: new target_version: 1.3 tags: pullup component: krb5-libs cc: Kent_Wu@trendmicro.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 6 ++++++ src/lib/gssapi/krb5/init_sec_context.c | 1 + src/lib/gssapi/krb5/k5unseal.c | 2 ++ 3 files changed, 9 insertions(+) (limited to 'src') diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 10f85ad88d..9cccd9d349 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -2,6 +2,12 @@ * init_sec_context.c (make_ap_req_v1): Free checksum_data if needed, to avoid leaking memory. Found by Kent Wu. + (krb5_gss_init_sec_context): Free default_enctypes to avoid + leaking returned value from krb5_get_tgs_ktypes. + + * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if + token.length == 0, to avoid spurious uninitialized memory + references when calling memcpy() with a zero length. 2003-05-13 Tom Yu diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index a95d3048ac..0d3ddc9689 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -539,6 +539,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (!is_duplicate_enctype) requested_enctypes[i++] = e; } + krb5_free_ktypes(context, default_enctypes); requested_enctypes[i++] = 0; if ((code = get_credentials(context, cred, ctx->there, now, 
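Review bot: In init_sec_context.c, `default_enctypes` keeps its old value after the added `krb5_free_ktypes(context, default_enctypes);`, and the free sits only on the fall-through path after the loop. krb5_gss_init_sec_context starts and ends outside the hunk, so it cannot be confirmed from here that no later cleanup path releases or reads the pointer again, or that no early return between the krb5_get_tgs_ktypes call and this line skips the free. Following the free with `default_enctypes = NULL;` would turn any later reuse into an obvious fault rather than a use-after-free or double free. A short comment such as `/* list from krb5_get_tgs_ktypes is ours to free once copied into requested_enctypes */` would record the ownership rule this fix relies on.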
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 347d6b8524..e678311f9a 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, return(GSS_S_FAILURE); } memcpy(token.value, plain+conflen, token.length); + } else { + token.value = NULL; } } else if (toktype == KG_TOK_SIGN_MSG) { token = *message_buffer; -- cgit
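Review bot: In k5unseal.c, the new `else { token.value = NULL; }` branch means any later copy that reads from `token.value` when `token.length == 0` passes a null pointer to memcpy(), which the C standard leaves undefined even for a zero length. The commit message indicates that such a memcpy() call exists, but it lies outside this hunk, as do the start and end of kg_unseal_v1, so this is inferred rather than visible. Guarding that copy with `if (token.length != 0)` would remove the reliance on how the C library treats a null argument. A comment on the branch such as `/* empty plaintext: nothing allocated, value must not be dereferenced */` would also document what consumers of the token can expect.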