diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-12-09 17:57:47 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-12-09 17:57:47 +0000 |
commit | 50fb5d3192e68abf02d2c1dbebe51b4eb268972c (patch) | |
tree | 9bcd54eb15db10bfb73c54126edd3ba2e310da45 /src/lib/krb5/krb/get_creds.c | |
parent | c46149123370939afc76276aebadf30adf815690 (diff) | |
download | krb5-50fb5d3192e68abf02d2c1dbebe51b4eb268972c.tar.gz krb5-50fb5d3192e68abf02d2c1dbebe51b4eb268972c.tar.xz krb5-50fb5d3192e68abf02d2c1dbebe51b4eb268972c.zip |
Fix memory leaks in FAST TGS support
krb5int_fast_prep_req remove tgs from request->padata and needs to
free it. get_creds.c needs to use a fresh FAST state for each TGS
request to avoid leaking armor keys.
ticket: 7026
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/get_creds.c')
-rw-r--r-- | src/lib/krb5/krb/get_creds.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index d1439586c..b009e6100 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -152,7 +152,6 @@ struct _krb5_tkt_creds_context { krb5_flags req_options; /* Caller-requested KRB5_GC_* options */ krb5_flags req_kdcopt; /* Caller-requested options as KDC options */ krb5_authdata **authdata; /* Caller-requested authdata */ - struct krb5int_fast_request_state *fast_state; /* The following fields are used in multiple steps. */ krb5_creds *cur_tgt; /* TGT to be used for next query */ @@ -168,6 +167,7 @@ struct _krb5_tkt_creds_context { int kdcopt; /* KDC options of request */ krb5_keyblock *subkey; /* subkey of request */ krb5_data previous_request; /* Encoded request (for TCP retransmission) */ + struct krb5int_fast_request_state *fast_state; /* The following fields are used when acquiring foreign TGTs. */ krb5_data *realm_path; /* Path from client to server realm */ @@ -268,6 +268,13 @@ make_request(krb5_context context, krb5_tkt_creds_context ctx, if (!krb5_c_valid_enctype(ctx->cur_tgt->keyblock.enctype)) return KRB5_PROG_ETYPE_NOSUPP; + /* Create a new FAST state structure to store this request's armor key. */ + krb5int_fast_free_state(context, ctx->fast_state); + ctx->fast_state = NULL; + code = krb5int_fast_make_state(context, &ctx->fast_state); + if (code) + return code; + code = krb5int_make_tgs_request(context, ctx->fast_state, ctx->cur_tgt, ctx->kdcopt, ctx->cur_tgt->addresses, NULL, @@ -1047,9 +1054,6 @@ krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, ctx = k5alloc(sizeof(*ctx), &code); if (ctx == NULL) goto cleanup; - code = krb5int_fast_make_state(context, &ctx->fast_state); - if (code) - goto cleanup; ctx->req_options = options; ctx->req_kdcopt = 0; |