authorGreg Hudson <ghudson@mit.edu>2011-09-22 16:20:13 +0000
committerGreg Hudson <ghudson@mit.edu>2011-09-22 16:20:13 +0000
commit1be77ec64675cacc3acaf8a75e5eb2339c86af24 (patch)
tree91799f6c2301a72f9e43dbb87772ecb62c283cf4 /src/lib
parent9252a953a12aa6c508531de5ba0e1eb9dd1d8b83 (diff)
Improve mk_safe/mk_priv cleanup slightly
In both functions, initialize outbuf on error, and avoid putting pointers into it before we reach the successful return stage. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25225 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/mk_priv.c11
-rw-r--r--src/lib/krb5/krb/mk_safe.c17
2 files changed, 16 insertions, 12 deletions
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 6d87d05d6..62c99340f 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -114,6 +114,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
krb5_error_code retval;
krb5_key key;
krb5_replay_data replaydata;
+ krb5_data buf = empty_data();
+
+ *outbuf = empty_data();
/* Clear replaydata block */
memset(&replaydata, 0, sizeof(krb5_replay_data));
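Review bot: The new `*outbuf = empty_data();` at the top of krb5_mk_priv overwrites whatever the caller passed in without any comment stating that contract, so a caller that reuses a krb5_data still owning memory would lose the pointer without freeing it. I would add above the assignment `/* *outbuf is reset on entry and filled in only on success; callers must not pass a krb5_data that still owns memory. */`. The same comment fits the identical line added to krb5_mk_safe in mk_safe.c. The function body starts and ends outside this hunk.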
@@ -191,7 +194,7 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
if ((retval = mk_priv_basic(context, userdata, key, &replaydata,
plocal_fulladdr, premote_fulladdr,
- auth_context->i_vector, outbuf))) {
+ auth_context->i_vector, &buf))) {
CLEANUP_DONE();
goto error;
}
@@ -203,10 +206,8 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
krb5_donot_replay replay;
if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
- "_priv", &replay.client))) {
- free(outbuf);
+ "_priv", &replay.client)))
goto error;
- }
replay.server = ""; /* XXX */
replay.msghash = NULL;
@@ -220,9 +221,11 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
free(replay.client);
}
+ *outbuf = buf;
return 0;
error:
+ krb5_free_data_contents(context, &buf);
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
auth_context->local_seq_number--;
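Review bot: The `krb5_free_data_contents(context, &buf);` added under `error:` is safe only if `mk_priv_basic` leaves `buf` either empty or holding memory it still owns when it fails. `mk_priv_basic` is not visible in this diff, so this should be confirmed: if it frees its output on a failure path and leaves the pointer set, the new cleanup would free it a second time. A comment at the call site such as `/* mk_priv_basic sets buf only on success */` would record that assumption once it is checked. The same applies to `krb5_mk_safe_basic` and the matching cleanup line in mk_safe.c. The function body starts and ends outside this hunk.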
diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index 428a5e892..145336557 100644
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -137,6 +137,9 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
krb5_error_code retval;
krb5_key key;
krb5_replay_data replaydata;
+ krb5_data buf = empty_data();
+
+ *outbuf = empty_data();
/* Clear replaydata block */
memset(&replaydata, 0, sizeof(krb5_replay_data));
@@ -217,7 +220,7 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
sumtype = safe_cksumtype(context, auth_context, key->keyblock.enctype);
if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
plocal_fulladdr, premote_fulladdr,
- sumtype, outbuf))) {
+ sumtype, &buf))) {
CLEANUP_DONE();
goto error;
}
@@ -229,26 +232,24 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
krb5_donot_replay replay;
if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
- "_safe", &replay.client))) {
- free(outbuf);
+ "_safe", &replay.client)))
goto error;
- }
replay.server = ""; /* XXX */
replay.msghash = NULL;
replay.cusec = replaydata.usec;
replay.ctime = replaydata.timestamp;
- if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
- /* should we really error out here? XXX */
- free(outbuf);
+ /* should we really error out here? XXX */
+ if ((retval = krb5_rc_store(context, auth_context->rcache, &replay)))
goto error;
- }
free(replay.client);
}
+ *outbuf = buf;
return 0;
error:
+ krb5_free_data_contents(context, &buf);
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
auth_context->local_seq_number--;
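Review bot: The `krb5_rc_store` failure branch in krb5_mk_safe still jumps to `error` without releasing `replay.client`, which the success path frees with `free(replay.client);` two lines later. Because `replay` is declared inside this block, the `error:` label cannot free it afterwards, so the name leaks on every replay-cache store failure. The branch should read `if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) { free(replay.client); goto error; }`. The corresponding `krb5_rc_store` call in mk_priv.c lies outside its hunks, so it is worth confirming that it already frees the name. The function body starts outside this hunk.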