diff options
| author | Theodore Tso <tytso@mit.edu> | 1995-09-16 07:00:32 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1995-09-16 07:00:32 +0000 |
| commit | c2380cebcdd54289bc48f5b8c56ff3309d007496 (patch) | |
| tree | ad94af9b4da2412933d026917bfa5141e56bfe1b /src | |
| parent | 3f7b5fca80c0aaeffcd9348c70613af5b63a61f1 (diff) | |
| download | krb5-c2380cebcdd54289bc48f5b8c56ff3309d007496.tar.gz krb5-c2380cebcdd54289bc48f5b8c56ff3309d007496.tar.xz krb5-c2380cebcdd54289bc48f5b8c56ff3309d007496.zip | |
sendauth.c (krb5_sendauth): Make sure the scratch credentials
structure may have possible been used be freed..
rd_safe.c (krb5_rd_safe_basic): Fall through to the cleanup code at
the end, to make sure the decoded message in message is freed.
rd_req_dec.c (krb5_rd_req_decoded): Use krb5_copy_keyblock to copy
authent->subkey to auth_context->remote_subkey. Keeping them
separate avoids aliasing problems.
mk_req_ext.c (krb5_generate_authenticator): Fix memory leak. Don't
bash authent->subkey with key after carefully copying it using
krb5_copy_keyblock!
recvauth.c (krb5_recvauth): krb5_get_server_rcache() already opens the
rcache; doing it again merely causes a memory leak.
gen_subkey.c (krb5_generate_subkey): Eliminate memory leak.
krb5_init_random_key() does its own allocation of the
keyblock.
gc_via_tkt.c (krb5_kdcrep2creds): Fix memory leak.
srv_rcache.c (krb5_get_server_rcache): Fix memory leak.
rd_safe.c (krb5_rd_safe_basic): Fix memory leak.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6797 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 32 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gc_via_tkt.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gen_subkey.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/mk_req_ext.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_req_dec.c | 8 | ||||
| -rw-r--r-- | src/lib/krb5/krb/rd_safe.c | 8 | ||||
| -rw-r--r-- | src/lib/krb5/krb/recvauth.c | 11 | ||||
| -rw-r--r-- | src/lib/krb5/krb/sendauth.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/srv_rcache.c | 3 |
9 files changed, 46 insertions, 25 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index cbedca806..162cb52db 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,35 @@ +Sat Sep 16 01:23:14 1995 Theodore Y. Ts'o <tytso@dcl> + + * sendauth.c (krb5_sendauth): Make sure the scratch credentials + structure may have possible been used be freed.. + + * rd_safe.c (krb5_rd_safe_basic): Fall through to the cleanup code + at the end, to make sure the decoded message in message is + freed. + + * rd_req_dec.c (krb5_rd_req_decoded): Use krb5_copy_keyblock to + copy authent->subkey to auth_context->remote_subkey. + Keeping them separate avoids aliasing problems. + + * mk_req_ext.c (krb5_generate_authenticator): Fix memory leak. + Don't bash authent->subkey with key after carefully + copying it using krb5_copy_keyblock! + + * recvauth.c (krb5_recvauth): krb5_get_server_rcache() already + opens the rcache; doing it again merely causes a memory leak. + +Fri Sep 15 17:20:08 1995 Theodore Y. Ts'o <tytso@dcl> + + * gen_subkey.c (krb5_generate_subkey): Eliminate memory leak. + krb5_init_random_key() does its own allocation of the + keyblock. + + * gc_via_tkt.c (krb5_kdcrep2creds): Fix memory leak. + + * srv_rcache.c (krb5_get_server_rcache): Fix memory leak. + + * rd_safe.c (krb5_rd_safe_basic): Fix memory leak. + Tue Sep 12 12:40:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * t_ser.c (ser_cksum_test): Work around an optimizer bug unser diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 643bca566..b310a10f9 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -88,6 +88,7 @@ krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) goto cleanup_keyblock; (*ppcreds)->ticket = *pdata; + free(pdata); return 0; cleanup_keyblock: diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c index 66a79d19e..89e21a1b7 100644 --- a/src/lib/krb5/krb/gen_subkey.c +++ b/src/lib/krb5/krb/gen_subkey.c @@ -43,12 +43,6 @@ krb5_generate_subkey(context, key, subkey) if ((retval = krb5_init_random_key(context, &eblock, key, &random_state))) return(retval); - *subkey = (krb5_keyblock *)malloc(sizeof(**subkey)); - if (!*subkey) { - (void) krb5_finish_random_key(context, &eblock, &random_state); - return ENOMEM; - } - if ((retval = krb5_random_key(context, &eblock, random_state, subkey))) { (void) krb5_finish_random_key(context, &eblock, &random_state); krb5_xfree(*subkey); diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index df97c2bf5..dfd147357 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -270,7 +270,6 @@ krb5_generate_authenticator(context, authent, client, cksum, key, seq_number, au return retval; } else authent->subkey = 0; - authent->subkey = key; authent->seq_number = seq_number; authent->authorization_data = authorization; diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index f6348c3f9..c5637d4c1 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -254,7 +254,13 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab, } (*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number; - (*auth_context)->remote_subkey = (*auth_context)->authentp->subkey; + if ((*auth_context)->authentp->subkey) { + if ((retval = krb5_copy_keyblock(context, + (*auth_context)->authentp->subkey, + &((*auth_context)->remote_subkey)))) + goto cleanup; + } else + (*auth_context)->remote_subkey = 0; if ((retval = krb5_copy_keyblock(context, req->ticket->enc_part2->session, &((*auth_context)->keyblock)))) goto cleanup; diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index 328117d96..9cdcabf06 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -141,10 +141,8 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr, *outbuf = message->user_data; message->user_data.data = NULL; - - krb5_free_checksum(context, his_cksum); - return 0; - + retval = 0; + cleanup: krb5_free_safe(context, message); return retval; @@ -268,7 +266,7 @@ krb5_rd_safe(context, auth_context, inbuf, outbuf, outdata) /* everything is ok - return data to the user */ return 0; - +eh error:; krb5_xfree(outbuf->data); return retval; diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index eb753f8ec..2f8675862 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -156,17 +156,6 @@ krb5_recvauth(context, auth_context, null_server.data = "default"; problem = krb5_get_server_rcache(context, &null_server, &rcache); } - if ((!problem) && krb5_rc_recover(context, rcache)) { - /* - * If the rc_recover() didn't work, then try - * initializing the replay cache. - */ - if ((problem = krb5_rc_initialize(context, rcache, - krb5_clockskew))) { - krb5_rc_close(context, rcache); - rcache = NULL; - } - } if (!problem) problem = krb5_auth_con_setrcache(context, *auth_context, rcache); } diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c index 6ca38d9ce..d2260a8f5 100644 --- a/src/lib/krb5/krb/sendauth.c +++ b/src/lib/krb5/krb/sendauth.c @@ -219,6 +219,7 @@ krb5_sendauth(context, auth_context, } error_return: + krb5_free_cred_contents(context, &creds); if (credspout) krb5_free_creds(context, credspout); if (!ccache && use_ccache) diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index 8c88edde8..0764c6e55 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -96,7 +96,8 @@ krb5_get_server_rcache(context, piece, rcptr) } *rcptr = rcache; - return 0; + rcache = 0; + retval = 0; cleanup: if (rcache) |