From 33c7af608b3004b56a0c55e70191fd4521de6c96 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sun, 15 Dec 2013 20:09:56 -0500
Subject: Fix potential leaks in delete_context Free RC4 state if any Free workstations tring if any Also make sure to safely zero the struct before freeing to avoid leaking any key material.
---
 src/gss_sec_ctx.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src')
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 4ed1b19..9203939 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -627,6 +627,8 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
 ctx = (struct gssntlm_ctx *)*context_handle;
+ safefree(ctx->workstation);
+
 ret = ntlm_free_ctx(&ctx->ntlm);
 safefree(ctx->nego_msg.data);
@@ -639,6 +641,10 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
 gssntlm_int_release_name(&ctx->source_name);
 gssntlm_int_release_name(&ctx->target_name);
+ RC4_FREE(&ctx->send.seal_handle);
+ RC4_FREE(&ctx->recv.seal_handle);
+
+ safezero(*context_handle, sizeof(struct gssntlm_ctx));
 safefree(*context_handle);
 if (ret) {
-- cgit
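Review bot: The `safezero(*context_handle, sizeof(struct gssntlm_ctx))` added in the second hunk clears only the bytes of the context struct itself, so anything reached through its pointers (the message buffers released with `safefree` earlier in the function and the cipher state behind `send.seal_handle` / `recv.seal_handle`) is wiped only if `safefree` and `RC4_FREE` do that themselves, which the hunk does not show. Because the commit's stated aim is to avoid leaking key material, it is worth confirming that `RC4_FREE` zeroes the RC4 state before releasing it and that `safezero` is written so the compiler cannot discard the stores ahead of the free. I would also tie the size to the pointer already in scope, `safezero(ctx, sizeof(*ctx));`, and add a comment such as `/* wipe keys stored inline in the context; pointed-to buffers are cleared by their own free routines */` once that has been verified. The body of `gssntlm_delete_sec_context` starts and ends outside both hunks.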