diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2017-09-19 13:45:19 +0200 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-10-04 09:05:55 +0200 |
| commit | 7f68de6c2e6aaed1929dfbcf1a73606c9b79fd64 (patch) | |
| tree | 7c403c9eae2951e7f8029046d93069a800d53925 | |
| parent | b07852825eeb63a78e1b3863e42b3f328430da18 (diff) | |
| download | sssd-7f68de6c2e6aaed1929dfbcf1a73606c9b79fd64.tar.gz sssd-7f68de6c2e6aaed1929dfbcf1a73606c9b79fd64.tar.xz sssd-7f68de6c2e6aaed1929dfbcf1a73606c9b79fd64.zip | |
KCM: Do not leak newly created ccache in case the name is malformed
This is not a big deal as the mem_ctx parameter of the operation is
typically just a short-lived operation context. Nonetheless, it is best
practice to not rely on how the memory context is set up in utility
functions.
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
| -rw-r--r-- | src/responder/kcm/kcmsrv_ccache.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index a22184e0f..d3ed10eee 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -45,7 +45,7 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx, krb5_principal princ, struct kcm_ccache **_cc) { - struct kcm_ccache *cc; + struct kcm_ccache *cc = NULL; krb5_error_code kret; errno_t ret; @@ -57,13 +57,13 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx, ret = kcm_check_name(name, owner); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Name %s is malformed\n", name); - return ret; + goto done; } cc->name = talloc_strdup(cc, name); if (cc->name == NULL) { - talloc_free(cc); - return ENOMEM; + ret = ENOMEM; + goto done; } uuid_generate(cc->uuid); @@ -74,8 +74,8 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_OP_FAILURE, "krb5_copy_principal failed: [%d][%s]\n", kret, err_msg); sss_krb5_free_error_message(k5c, err_msg); - talloc_free(cc); - return ERR_INTERNAL; + ret = ERR_INTERNAL; + goto done; } cc->owner.uid = cli_creds_get_uid(owner); @@ -84,7 +84,12 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx, talloc_set_destructor(cc, kcm_cc_destructor); *_cc = cc; - return EOK; + ret = EOK; +done: + if (ret != EOK) { + talloc_free(cc); + } + return ret; } const char *kcm_cc_get_name(struct kcm_ccache *cc) |