k5-int.h, gic_opt.c

  The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
  functions permit the gic_opts parameter to be NULL.   This is not
  taken into account when testing the value with the macros
  krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
  Nor is it taken into account within krb5int_gic_opte_copy() which
  is called by krb5int_gic_opt_to_opte() when the input parameter is
  not a krb5_gic_opt_ext structure.

  This commit makes two changes:

  (1) it modifies the macros to ensure that the value is non-NULL
      before evaluation.

  (2) it modifies krb5int_gic_opte_copy() to avoid copying the
      original values with memcpy() when the input is NULL.

  In addition, the code was audited to ensure that the flag
  KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
  it is set, that the allocated krb5_gic_opt_ext structure is
  freed by krb5_get_init_creds_password() and
  krb5_get_init_creds_keytab().

ticket: 5552
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19537 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 99b157921690c6c19d7223913a6054cdcdab1658..98f106475dd00441e6e5a82a873675a791cdb444 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1048,9 +1048,9 @@ void krb5_free_etype_info
 #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
 
 #define krb5_gic_opt_is_extended(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
 #define krb5_gic_opt_is_shadowed(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
 
 
 typedef struct _krb5_gic_opt_private {

diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index bbf2eb2867e411be6c6837d7f796e61008b4bd50..9e9e4e882979b24a70e1dda67180f693d7609c43 100644 (file)
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -206,8 +206,18 @@ krb5int_gic_opte_copy(krb5_context context,
     oe = krb5int_gic_opte_alloc(context);
     if (NULL == oe)
        return ENOMEM;
-    memcpy(oe, opt, sizeof(*opt));
-    /* Fix these -- overwritten by the copy */
+
+    if (opt)
+        memcpy(oe, opt, sizeof(*opt));
+
+    /*
+     * Fix the flags -- the EXTENDED flag would have been
+     * overwritten by the copy if there was one.  The
+     * SHADOWED flag is necessary to ensure that the
+     * krb5_gic_opt_ext structure that was allocated
+     * here will be freed by the library because the
+     * application is unaware of its existence.
+     */
     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
                   KRB5_GET_INIT_CREDS_OPT_SHADOWED);