diff options
author | Simo Sorce <simo@redhat.com> | 2013-12-15 20:09:56 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-12-15 20:44:09 -0500 |
commit | 33c7af608b3004b56a0c55e70191fd4521de6c96 (patch) | |
tree | bbbc5266a0cd946e9305d01027cf791e5a5d0a4c /src | |
parent | 5d7c2e78fe9c60ecbaf825abccadd3ba7a855afc (diff) | |
download | gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.gz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.tar.xz gss-ntlmssp-33c7af608b3004b56a0c55e70191fd4521de6c96.zip |
Fix potential leaks in delete_context
Free RC4 state if any
Free workstations tring if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
Diffstat (limited to 'src')
-rw-r--r-- | src/gss_sec_ctx.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 4ed1b19..9203939 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -627,6 +627,8 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status, ctx = (struct gssntlm_ctx *)*context_handle; + safefree(ctx->workstation); + ret = ntlm_free_ctx(&ctx->ntlm); safefree(ctx->nego_msg.data); @@ -639,6 +641,10 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status, gssntlm_int_release_name(&ctx->source_name); gssntlm_int_release_name(&ctx->target_name); + RC4_FREE(&ctx->send.seal_handle); + RC4_FREE(&ctx->recv.seal_handle); + + safezero(*context_handle, sizeof(struct gssntlm_ctx)); safefree(*context_handle); if (ret) { |