diff options
author | Simo Sorce <simo@redhat.com> | 2013-12-15 20:09:56 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-12-15 20:44:09 -0500 |
commit | 33c7af608b3004b56a0c55e70191fd4521de6c96 (patch) | |
tree | bbbc5266a0cd946e9305d01027cf791e5a5d0a4c | |
parent | 5d7c2e78fe9c60ecbaf825abccadd3ba7a855afc (diff) | |
download | gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.gz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.xz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.zip |
Fix potential leaks in delete_context
Free RC4 state if any
Free workstations tring if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
-rw-r--r-- | src/gss_sec_ctx.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 4ed1b19..9203939 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -627,6 +627,8 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status, ctx = (struct gssntlm_ctx *)*context_handle; + safefree(ctx->workstation); + ret = ntlm_free_ctx(&ctx->ntlm); safefree(ctx->nego_msg.data); @@ -639,6 +641,10 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status, gssntlm_int_release_name(&ctx->source_name); gssntlm_int_release_name(&ctx->target_name); + RC4_FREE(&ctx->send.seal_handle); + RC4_FREE(&ctx->recv.seal_handle); + + safezero(*context_handle, sizeof(struct gssntlm_ctx)); safefree(*context_handle); if (ret) { |