projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b79991)
libgss leaks, UMRs
authorTom Yu <tlyu@mit.edu>
Fri, 13 Jun 2003 21:43:07 +0000 (21:43 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 13 Jun 2003 21:43:07 +0000 (21:43 +0000)
* init_sec_context.c (krb5_gss_init_sec_context): Free
default_enctypes to avoid leaking returned value from
krb5_get_tgs_ktypes.

* k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
token.length == 0, to avoid spurious uninitialized memory
references when calling memcpy() with a zero length.

ticket: new
target_version: 1.3
tags: pullup
component: krb5-libs
cc: Kent_Wu@trendmicro.com

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog patch | blob | history
src/lib/gssapi/krb5/init_sec_context.c patch | blob | history
src/lib/gssapi/krb5/k5unseal.c patch | blob | history

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 10f85ad88d9b5907ef0bd301630e98216e74c746..9cccd9d349db42f82d36fe132a71bc1187cde2e1 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -2,6 +2,12 @@
 
        * init_sec_context.c (make_ap_req_v1): Free checksum_data if
        needed, to avoid leaking memory.  Found by Kent Wu.
+       (krb5_gss_init_sec_context): Free default_enctypes to avoid
+       leaking returned value from krb5_get_tgs_ktypes.
+
+       * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
+       token.length == 0, to avoid spurious uninitialized memory
+       references when calling memcpy() with a zero length.
 
 2003-05-13  Tom Yu  <tlyu@mit.edu>
 
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index a95d3048acdf393e63eeb216852f4d8ce4eb97d4..0d3ddc9689f340b14f0f502694d5e7c2d352fa08 100644 (file)
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -539,6 +539,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
          if (!is_duplicate_enctype)
              requested_enctypes[i++] = e;
       }
+      krb5_free_ktypes(context, default_enctypes);
       requested_enctypes[i++] = 0;
 
       if ((code = get_credentials(context, cred, ctx->there, now,
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 347d6b8524169cbc6c704f70dbd09a3847ba394f..e678311f9a47815ec082cc0c8ba37f80b246d02f 100644 (file)
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -224,6 +224,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
                return(GSS_S_FAILURE);
            }
            memcpy(token.value, plain+conflen, token.length);
+       } else {
+           token.value = NULL;
        }
     } else if (toktype == KG_TOK_SIGN_MSG) {
        token = *message_buffer;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.