MEMORY keytab does not copy keytab_entry keyblock contents

In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the
keytab_entry keyblock contents - but instead retains a pointer to the
incomming one.

In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal
keyblock contents memory is returned to the caller - which is subsequently
freed when tht caller invokes krb5_free_keytab_entry_contents.

Solution is to use krb5_copy_keyblock_contents() instead of simply copying
the structure.

Ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
index 5e550d4929c22fdcb58d40f102b6133b77e3cd7b..7e055b737633033c7c782e72f12ffbfc71e0d158 100644 (file)
--- a/src/lib/krb5/keytab/kt_memory.c
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -442,12 +442,18 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
        out_entry->timestamp = entry->timestamp;\r
        out_entry->vno = entry->vno;\r
        out_entry->key = entry->key; \r
+       err = krb5_copy_keyblock_contents(context, &(entry->key),\r
+                                         &(out_entry->key));\r
        /*\r
         * Coerce the enctype of the output keyblock in case we\r
         * got an inexact match on the enctype.\r
         */\r
        out_entry->key.enctype = enctype;\r
-       err = krb5_copy_principal(context, entry->principal, &(out_entry->principal));\r
+       if(!err) {\r
+               err = krb5_copy_principal(context, \r
+                                         entry->principal, \r
+                                         &(out_entry->principal));\r
+       }\r
     } else {\r
        if (!err)\r
            err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;\r
@@ -524,7 +530,11 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
     entry->timestamp = mkt_cursor->entry->timestamp;\r
     entry->vno = mkt_cursor->entry->vno;\r
     entry->key = mkt_cursor->entry->key; \r
-    err = krb5_copy_principal(context, mkt_cursor->entry->principal, &(entry->principal));\r
+    err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key), \r
+                                     &(entry->key));\r
+    if (!err) \r
+           err = krb5_copy_principal(context, mkt_cursor->entry->principal,\r
+                                     &(entry->principal));\r
     if (!err)\r
        *cursor = (krb5_kt_cursor *)mkt_cursor->next;\r
     KTUNLOCK(id);\r
@@ -571,9 +581,17 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
     cursor->entry->magic = entry->magic;\r
     cursor->entry->timestamp = entry->timestamp;\r
     cursor->entry->vno = entry->vno;\r
-    cursor->entry->key = entry->key; \r
+    err = krb5_copy_keyblock_contents(context, &(entry->key), \r
+                                     &(cursor->entry->key));\r
+    if (err) {\r
+       krb5_xfree(cursor->entry);\r
+       krb5_xfree(cursor);\r
+       goto done;\r
+    }\r
+\r
     err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));\r
     if (err) {\r
+       krb5_free_keyblock_contents(context, &(cursor->entry->key));\r
        krb5_xfree(cursor->entry);\r
        krb5_xfree(cursor);\r
        goto done;\r