diff options
author | Sam Hartman <hartmans@mit.edu> | 2011-09-19 00:34:48 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2011-09-19 00:34:48 +0000 |
commit | 61c280a73539acbe68bb203ea8f09cf52cf4b784 (patch) | |
tree | 780dd58dbffb81889be80225e3a3875b1f023dbb | |
parent | c65b97433bbf1503670a9fb9260799e699e9bf56 (diff) | |
download | krb5-61c280a73539acbe68bb203ea8f09cf52cf4b784.tar.gz krb5-61c280a73539acbe68bb203ea8f09cf52cf4b784.tar.xz krb5-61c280a73539acbe68bb203ea8f09cf52cf4b784.zip |
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed. Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.
In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/crypto/krb/keyblocks.c | 1 | ||||
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 8 |
2 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c index 21faa5631..98696f508 100644 --- a/src/lib/crypto/krb/keyblocks.c +++ b/src/lib/crypto/krb/keyblocks.c @@ -68,6 +68,7 @@ krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key) if (key && key->contents) { zapfree(key->contents, key->length); key->contents = NULL; + key->length = 0; } } diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 4247524ae..6f7023f70 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -2143,7 +2143,7 @@ pkinit_octetstring2key(krb5_context context, goto cleanup; key_block->length = keylength; - key_block->contents = calloc(keylength, sizeof(unsigned char *)); + key_block->contents = malloc(keylength); if (key_block->contents == NULL) { retval = ENOMEM; goto cleanup; @@ -2156,9 +2156,9 @@ pkinit_octetstring2key(krb5_context context, cleanup: free(buf); - if (retval && key_block->contents != NULL && key_block->length != 0) { - memset(key_block->contents, 0, key_block->length); - key_block->length = 0; + // If this is an error return, free the allocated keyblock, if any + if (retval) { + krb5_free_keyblock_contents(context, key_block); } return retval; |