sendauth.c (krb5_sendauth): Make sure the scratch credentials

author Theodore Tso <tytso@mit.edu>

Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)

committer Theodore Tso <tytso@mit.edu>

Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)
author Theodore Tso <tytso@mit.edu>
Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)
committer Theodore Tso <tytso@mit.edu>
Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog

index cbedca806f7c9a747288ba802f1f658351548375..162cb52dbc52727805a7c8f8a7282c941ef04ba4 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,35 @@
+Sat Sep 16 01:23:14 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+       * sendauth.c (krb5_sendauth): Make sure the scratch credentials
+               structure may have possible been used be freed..
+
+       * rd_safe.c (krb5_rd_safe_basic): Fall through to the cleanup code
+               at the end, to make sure the decoded message in message is
+               freed.
+
+       * rd_req_dec.c (krb5_rd_req_decoded): Use krb5_copy_keyblock to
+               copy authent->subkey to auth_context->remote_subkey.
+               Keeping them separate avoids aliasing problems.
+
+       * mk_req_ext.c (krb5_generate_authenticator): Fix memory leak.
+               Don't bash authent->subkey with key after carefully
+               copying it using krb5_copy_keyblock!
+
+       * recvauth.c (krb5_recvauth): krb5_get_server_rcache() already
+               opens the rcache; doing it again merely causes a memory leak.
+
+Fri Sep 15 17:20:08 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+       * gen_subkey.c (krb5_generate_subkey): Eliminate memory leak.
+               krb5_init_random_key() does its own allocation of the
+               keyblock.
+
+       * gc_via_tkt.c (krb5_kdcrep2creds): Fix memory leak.
+
+       * srv_rcache.c (krb5_get_server_rcache): Fix memory leak.
+
+       * rd_safe.c (krb5_rd_safe_basic): Fix memory leak.
+
  Tue Sep 12 12:40:30 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
  
         * t_ser.c (ser_cksum_test): Work around an optimizer bug unser
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c

index 643bca566173527d532adf405e2e5db8814fdf3a..b310a10f94a83cb79908ee409da807e3db926127 100644 (file)
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -88,6 +88,7 @@ krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds)
         goto cleanup_keyblock;
  
      (*ppcreds)->ticket = *pdata;
+    free(pdata);
      return 0;
  
  cleanup_keyblock:
diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c

index 66a79d19e9f32589dfb07c237b0c5111ce5d1f45..89e21a1b79a236468dc272c09104c6504532cda3 100644 (file)
--- a/src/lib/krb5/krb/gen_subkey.c
+++ b/src/lib/krb5/krb/gen_subkey.c
@@ -43,12 +43,6 @@ krb5_generate_subkey(context, key, subkey)
  
      if ((retval = krb5_init_random_key(context, &eblock, key, &random_state)))
         return(retval);
-    *subkey = (krb5_keyblock *)malloc(sizeof(**subkey));
-    if (!*subkey) {
-       (void) krb5_finish_random_key(context, &eblock, &random_state);
-       return ENOMEM;
-    }
-       
      if ((retval = krb5_random_key(context, &eblock, random_state, subkey))) {
         (void) krb5_finish_random_key(context, &eblock, &random_state);
         krb5_xfree(*subkey);
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c

index df97c2bf53c48a21eb8c19fef5610145683d745f..dfd147357778e192468942669c3be38da33559db 100644 (file)
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -270,7 +270,6 @@ krb5_generate_authenticator(context, authent, client, cksum, key, seq_number, au
             return retval;
      } else
         authent->subkey = 0;
-    authent->subkey = key;
      authent->seq_number = seq_number;
      authent->authorization_data = authorization;
  
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c

index f6348c3f918bd8cacf69992804d8fc5c666e5891..c5637d4c1d6d6b01e4853265b7aa24b98d3f65ec 100644 (file)
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -254,7 +254,13 @@ krb5_rd_req_decoded(context, auth_context, req, server, keytab,
      }
  
      (*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number;
-    (*auth_context)->remote_subkey = (*auth_context)->authentp->subkey;
+    if ((*auth_context)->authentp->subkey) {
+       if ((retval = krb5_copy_keyblock(context,
+                                        (*auth_context)->authentp->subkey,
+                                        &((*auth_context)->remote_subkey))))
+           goto cleanup;
+    } else
+       (*auth_context)->remote_subkey = 0;
      if ((retval = krb5_copy_keyblock(context, req->ticket->enc_part2->session,
                                      &((*auth_context)->keyblock))))
         goto cleanup;
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c

index 328117d96c13008de46916b2347d4add1d67e902..9cdcabf06431ac90777e2fa55346a9f59f8bd0d9 100644 (file)
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -141,10 +141,8 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr,
  
      *outbuf = message->user_data;
      message->user_data.data = NULL;
-
-    krb5_free_checksum(context, his_cksum);
-    return 0;
-
+    retval = 0;
+    
  cleanup:
      krb5_free_safe(context, message);
      return retval;
@@ -268,7 +266,7 @@ krb5_rd_safe(context, auth_context, inbuf, outbuf, outdata)
         
      /* everything is ok - return data to the user */
      return 0;
-
+eh
  error:;
      krb5_xfree(outbuf->data);
      return retval;
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c

index eb753f8eca694cbef01e9740fd7d6858e6ae91bc..2f867586252f43db0e3511e7c34a2c871cda97d9 100644 (file)
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -156,17 +156,6 @@ krb5_recvauth(context, auth_context,
             null_server.data = "default";
             problem = krb5_get_server_rcache(context, &null_server, &rcache);
          }
-       if ((!problem) && krb5_rc_recover(context, rcache)) {
-           /*
-            * If the rc_recover() didn't work, then try
-            * initializing the replay cache.
-            */
-           if ((problem = krb5_rc_initialize(context, rcache,
-                                             krb5_clockskew))) {
-               krb5_rc_close(context, rcache);
-               rcache = NULL;
-           }
-       }
          if (!problem) 
             problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
      }
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c

index 6ca38d9ce39d36590de8ad4fdcfe46f3980bfe44..d2260a8f54e29853214acef8828d1ed50ab15959 100644 (file)
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -219,6 +219,7 @@ krb5_sendauth(context, auth_context,
         }
  
  error_return:
+    krb5_free_cred_contents(context, &creds);
      if (credspout)
         krb5_free_creds(context, credspout); 
      if (!ccache && use_ccache)
diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c

index 8c88edde863125b0476c7ffca5859da03ab36461..0764c6e55adcb24409f4eaf796fce6cc37bcf6a0 100644 (file)
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -96,7 +96,8 @@ krb5_get_server_rcache(context, piece, rcptr)
      }
  
      *rcptr = rcache;
-    return 0;
+    rcache = 0;
+    retval = 0;
  
  cleanup:
      if (rcache)
author	Theodore Tso <tytso@mit.edu>
	Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Sat, 16 Sep 1995 07:00:32 +0000 (07:00 +0000)
src/lib/krb5/krb/ChangeLog		patch \| blob \| history
src/lib/krb5/krb/gc_via_tkt.c		patch \| blob \| history
src/lib/krb5/krb/gen_subkey.c		patch \| blob \| history
src/lib/krb5/krb/mk_req_ext.c		patch \| blob \| history
src/lib/krb5/krb/rd_req_dec.c		patch \| blob \| history
src/lib/krb5/krb/rd_safe.c		patch \| blob \| history
src/lib/krb5/krb/recvauth.c		patch \| blob \| history
src/lib/krb5/krb/sendauth.c		patch \| blob \| history
src/lib/krb5/krb/srv_rcache.c		patch \| blob \| history