Improve mk_safe/mk_priv cleanup slightly
authorGreg Hudson <ghudson@mit.edu>
Thu, 22 Sep 2011 16:20:13 +0000 (16:20 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 22 Sep 2011 16:20:13 +0000 (16:20 +0000)
In both functions, initialize outbuf on error, and avoid putting
pointers into it before we reach the successful return stage.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25225 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_safe.c

index 6d87d05d6f69022e7b2378ac8f0c27b94ac41f48..62c99340ff476b531752fb6601f2f9f9876095a1 100644 (file)
@@ -114,6 +114,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
     krb5_error_code       retval;
     krb5_key              key;
     krb5_replay_data      replaydata;
+    krb5_data             buf = empty_data();
+
+    *outbuf = empty_data();
 
     /* Clear replaydata block */
     memset(&replaydata, 0, sizeof(krb5_replay_data));
@@ -191,7 +194,7 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
 
         if ((retval = mk_priv_basic(context, userdata, key, &replaydata,
                                     plocal_fulladdr, premote_fulladdr,
-                                    auth_context->i_vector, outbuf))) {
+                                    auth_context->i_vector, &buf))) {
             CLEANUP_DONE();
             goto error;
         }
@@ -203,10 +206,8 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
         krb5_donot_replay replay;
 
         if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
-                                           "_priv", &replay.client))) {
-            free(outbuf);
+                                           "_priv", &replay.client)))
             goto error;
-        }
 
         replay.server = "";             /* XXX */
         replay.msghash = NULL;
@@ -220,9 +221,11 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
         free(replay.client);
     }
 
+    *outbuf = buf;
     return 0;
 
 error:
+    krb5_free_data_contents(context, &buf);
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
         auth_context->local_seq_number--;
index 428a5e892627ea0e263d5a0c6e98914fb2631411..14533655700432da6695ae8ff8d9585d9848746e 100644 (file)
@@ -137,6 +137,9 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
     krb5_error_code       retval;
     krb5_key              key;
     krb5_replay_data      replaydata;
+    krb5_data             buf = empty_data();
+
+    *outbuf = empty_data();
 
     /* Clear replaydata block */
     memset(&replaydata, 0, sizeof(krb5_replay_data));
@@ -217,7 +220,7 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
         sumtype = safe_cksumtype(context, auth_context, key->keyblock.enctype);
         if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
                                          plocal_fulladdr, premote_fulladdr,
-                                         sumtype, outbuf))) {
+                                         sumtype, &buf))) {
             CLEANUP_DONE();
             goto error;
         }
@@ -229,26 +232,24 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
         krb5_donot_replay replay;
 
         if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
-                                           "_safe", &replay.client))) {
-            free(outbuf);
+                                           "_safe", &replay.client)))
             goto error;
-        }
 
         replay.server = "";             /* XXX */
         replay.msghash = NULL;
         replay.cusec = replaydata.usec;
         replay.ctime = replaydata.timestamp;
-        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
-            /* should we really error out here? XXX */
-            free(outbuf);
+        /* should we really error out here? XXX */
+        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay)))
             goto error;
-        }
         free(replay.client);
     }
 
+    *outbuf = buf;
     return 0;
 
 error:
+    krb5_free_data_contents(context, &buf);
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
         auth_context->local_seq_number--;