diff options
author | Jim Meyering <jim@meyering.net> | 2012-01-05 13:37:04 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2012-01-05 15:42:40 -0500 |
commit | ace87c773e2ac5c6f59f984563290f57cdbcfd88 (patch) | |
tree | 3d0012ba0ebcbe0d334bff730f82268a24ad3bfe | |
parent | 89dde6fbabf6590ad7ccccc1f20f371f27da2207 (diff) | |
download | nfs-utils-ace87c773e2ac5c6f59f984563290f57cdbcfd88.tar.gz nfs-utils-ace87c773e2ac5c6f59f984563290f57cdbcfd88.tar.xz nfs-utils-ace87c773e2ac5c6f59f984563290f57cdbcfd88.zip |
gssd: avoid double-free upon write failure
Free just calloc'd enc_key.data from one place, unconditionally,
after calling write_lucid_keyblock, rather than from three places.
Coverity spotted the possible double free.
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | utils/gssd/context_lucid.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/utils/gssd/context_lucid.c b/utils/gssd/context_lucid.c index 3e695ab..64146d7 100644 --- a/utils/gssd/context_lucid.c +++ b/utils/gssd/context_lucid.c @@ -80,6 +80,7 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx, uint32_t i; char *skd, *dkd; gss_buffer_desc fakeoid; + int err; /* * The new Kerberos interface to get the gss context @@ -138,11 +139,10 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx, dkd = (char *) enc_key.data; for (i = 0; i < enc_key.length; i++) dkd[i] = skd[i] ^ 0xf0; - if (write_lucid_keyblock(&p, end, &enc_key)) { - free(enc_key.data); - goto out_err; - } + err = write_lucid_keyblock(&p, end, &enc_key); free(enc_key.data); + if (err) + goto out_err; if (write_lucid_keyblock(&p, end, &lctx->rfc1964_kd.ctx_key)) goto out_err; @@ -153,7 +153,6 @@ out_err: printerr(0, "ERROR: failed serializing krb5 context for kernel\n"); if (buf->value) free(buf->value); buf->length = 0; - if (enc_key.data) free(enc_key.data); return -1; } |