Fix potential leaks in delete_context

Free RC4 state if any Free workstations tring if any Also make sure to safely zero the struct before freeing to avoid leaking any key material.
author: Simo Sorce <simo@redhat.com> 2013-12-15 20:09:56 -0500
committer: Simo Sorce <simo@redhat.com> 2013-12-15 20:44:09 -0500
commit: 33c7af608b3004b56a0c55e70191fd4521de6c96 (patch)
tree: bbbc5266a0cd946e9305d01027cf791e5a5d0a4c /src
parent: 5d7c2e78fe9c60ecbaf825abccadd3ba7a855afc (diff)
download: gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.gz
gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.xz
gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 4ed1b19..9203939 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -627,6 +627,8 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
 
     ctx = (struct gssntlm_ctx *)*context_handle;
 
+    safefree(ctx->workstation);
+
     ret = ntlm_free_ctx(&ctx->ntlm);
 
     safefree(ctx->nego_msg.data);
@@ -639,6 +641,10 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
     gssntlm_int_release_name(&ctx->source_name);
     gssntlm_int_release_name(&ctx->target_name);
 
+    RC4_FREE(&ctx->send.seal_handle);
+    RC4_FREE(&ctx->recv.seal_handle);
+
+    safezero(*context_handle, sizeof(struct gssntlm_ctx));
     safefree(*context_handle);
 
     if (ret) {
author	Simo Sorce <simo@redhat.com>	2013-12-15 20:09:56 -0500
committer	Simo Sorce <simo@redhat.com>	2013-12-15 20:44:09 -0500
commit	33c7af608b3004b56a0c55e70191fd4521de6c96 (patch)
tree	bbbc5266a0cd946e9305d01027cf791e5a5d0a4c /src
parent	5d7c2e78fe9c60ecbaf825abccadd3ba7a855afc (diff)
download	gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.gz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.xz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.zip