(key_decrypt_keys): On error, when clearing keyblocks, set contents to null.

author Ezra Peisach <epeisach@mit.edu>

Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)

committer Ezra Peisach <epeisach@mit.edu>

Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)
author Ezra Peisach <epeisach@mit.edu>
Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)
committer Ezra Peisach <epeisach@mit.edu>
Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)
diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog

index d357a39b4b7d2b43ad20fe0a9335b62398703d40..afb7aa2b3cc2f0d59024284cb00fd845b88e9bdb 100644 (file)
--- a/src/kadmin/v5server/ChangeLog
+++ b/src/kadmin/v5server/ChangeLog
@@ -1,3 +1,14 @@
+Tue Jun  6 19:42:18 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
+
+       * srv_key.c (key_decrypt_keys): On error, when clearing keyblocks,
+               set contents to null.
+               (key_get_admin_entry): Allocate enough memory for
+                               admin_princ_name. 
+                               Initialize akey and pkey to zero.
+                               Cannot use krb5_free_keyblock on stack
+                                       based keyblock. 
+               (key_finish): Cannot use krb5_free_keyblock on bss based
+                               keyblock. 
  
  Mon Jun 5 14:14:10 EDT 1995    Paul Park       (pjpark@mit.edu)
         * srv_key.c(key_get_admin_entry) - When adding database entry for
diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c

index 8dba7c375abcd623859c6b10cbe7130f828caf4d..768b55b9dbd100438e51ac0964bbfc95cedefa18 100644 (file)
--- a/src/kadmin/v5server/srv_key.c
+++ b/src/kadmin/v5server/srv_key.c
@@ -108,12 +108,15 @@ key_get_admin_entry(kcontext)
      DPRINT(DEBUG_CALLS, key_debug_level, ("* key_get_admin_entry()\n"));
      kret = ENOMEM;
      realm_name = key_master_realm();
+
+    memset((char *) &akey, 0, sizeof(akey));
+    memset((char *) &pkey, 0, sizeof(pkey));
      /*
       * The admin principal format is:
       * <admin-service-name>/<realm>@<realm>
       */
      admin_princ_name = (char *) malloc((size_t)
-                                      ((2*strlen(realm_name)) + 2 +
+                                      ((2*strlen(realm_name)) + 3 +
                                         strlen(KRB5_ADM_SERVICE_NAME)));
      if (admin_princ_name) {
         /* Format the admin name */
@@ -155,8 +158,11 @@ key_get_admin_entry(kcontext)
                         memcpy((char *) &madmin_key,
                                (char *) &pkey,
                                sizeof(pkey));
-                       if (akey.contents)
-                           krb5_free_keyblock(kcontext, &akey);
+                       if (akey.contents) {
+                               memset((char *) &akey.contents, 0,
+                                      (size_t) akey.length);
+                               krb5_xfree(akey.contents);
+                       }
                         madmin_key_init = 1;
                     }
                     else {
@@ -510,7 +516,8 @@ key_init(kcontext, debug_level, enc_type, key_type, master_key_name, manual,
             mkeytab_init = 0;
         }
         if (madmin_key_init) {
-           krb5_free_keyblock(kcontext, &madmin_key);
+           memset((char *)madmin_key.contents, 0, madmin_key.length);
+           krb5_xfree(madmin_key.contents);
             madmin_key_init = 0;
         }
      }
@@ -561,7 +568,8 @@ key_finish(kcontext, debug_level)
         mkeytab_init = 0;
      }
      if (madmin_key_init) {
-       krb5_free_keyblock(kcontext, &madmin_key);
+       memset((char *)madmin_key.contents, 0, madmin_key.length);
+       krb5_xfree(madmin_key.contents);
         madmin_key_init = 0;
      }
      krb5_db_fini(kcontext);
@@ -772,11 +780,13 @@ key_decrypt_keys(kcontext, principal, eprimary, ealternate, primary, alternate)
         if (primary->contents) {
             memset((char *) primary->contents, 0, (size_t) primary->length);
             krb5_xfree(primary->contents);
+           primary->contents = 0;
         }
         if (alternate->contents) {
             memset((char *) alternate->contents, 0,
                    (size_t) alternate->length);
             krb5_xfree(alternate->contents);
+           alternate->contents = 0;
         }
      }
      DPRINT(DEBUG_CALLS, key_debug_level,
author	Ezra Peisach <epeisach@mit.edu>
	Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)
committer	Ezra Peisach <epeisach@mit.edu>
	Wed, 7 Jun 1995 00:40:44 +0000 (00:40 +0000)
src/kadmin/v5server/ChangeLog		patch \| blob \| history
src/kadmin/v5server/srv_key.c		patch \| blob \| history