Fix various memory allocation and key/salt tuple related bugs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6485 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index 2a9b62a08ff851e2c9da8a58c413cf76093f825a..415fc4148954f211872fcfbb81f371fbe07ae374 100644 (file)
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,4 +1,19 @@
 
+Wed Aug 9 17:17:36 EDT 1995    Paul Park       (pjpark@mit.edu)
+       * kdb_cpw.c - Add check for uniqueness of key or key/salt combo.  Don't
+               generate a new key_data entry if one already exists.  Also,
+               fill in the key_data list at the end so as not to overwrite
+               already present data.
+               - Free krbtgt_keyblock contents in add_key_rnd().
+               - Put a "break" at the end of the KRB5_KDB_SALTTYPE_ONLYREALM
+                 in add_key_pwd().  Also pass in key_salt to encrypt_key_data
+                 always.
+       * kdb_xdr.c - initialize retval to 0 in decode_mod_princ data.  This is
+               questionable whether we should return an error if there's no
+               mod_princ data.  Also, free the allocated mod_princ only if
+               we allocated it and there's a failure.
+
+
 Wed Aug 9 09:47:08 EDT 1995    Paul Park       (pjpark@mit.edu)
        * kdb_cpw.c(add_key_rnd) - Terminate the variable length argument list
                to krb5_build_principal_ext() with a zero.

diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 5625459a66452536e67d25f556f3382564215e86..990d3e8e69b3b5b30cb8d3072f0a56e02de4c9e7 100644 (file)
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -80,10 +80,11 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
     krb5_pointer         krbtgt_seed;  
     krb5_encrypt_block   krbtgt_eblock;
     krb5_db_entry        krbtgt_entry;
-    krb5_boolean         more;
+    krb5_boolean         more, found;
     int                          max_kvno, one, i, j;
     krb5_error_code      retval;
 
+    memset(&krbtgt_keyblock, 0, sizeof(krbtgt_keyblock));
     retval = krb5_build_principal_ext(context, &krbtgt_princ,
                                      db_entry->princ->realm.length,
                                      db_entry->princ->realm.data,
@@ -116,6 +117,20 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
     }
 
     for (i = 0; i < ks_tuple_count; i++) {
+       /*
+        * We could use krb5_keysalt_iterate to replace this loop, or use
+        * krb5_keysalt_is_present for the loop below, but we want to avoid
+        * circular library dependencies.
+        */
+       found = 0;
+       for (j = 0; j < i; j++) {
+           if (ks_tuple[j].ks_keytype == ks_tuple[i].ks_keytype) {
+               found = 1;
+               break;
+           }
+       }
+       if (found)
+           continue;
         if (retval = krb5_dbe_create_key_data(context, db_entry)) 
            goto add_key_rnd_err;
 
@@ -163,7 +178,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 
        if (retval = krb5_dbekd_encrypt_key_data(context, master_eblock, 
                                                 key, NULL, kvno + 1, 
-                                                db_entry->key_data)) {
+                                                &db_entry->key_data[db_entry->n_key_data-1])) {
            krb5_free_keyblock(context, key);
            goto add_key_rnd_err;
        }
@@ -174,6 +189,10 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 
 add_key_rnd_err:;
     krb5_db_free_principal(context, &krbtgt_entry, one);
+    if (krbtgt_keyblock.contents && krbtgt_keyblock.length) {
+       memset(krbtgt_keyblock.contents, 0, krbtgt_keyblock.length);
+       krb5_xfree(krbtgt_keyblock.contents);
+    }
     return(retval);
 }
 
@@ -285,9 +304,25 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd,
     krb5_keysalt         key_salt;
     krb5_keyblock        key;
     krb5_data            pwd;
-    int                          i;
+    krb5_boolean         found;
+    int                          i, j;
 
     for (i = 0; i < ks_tuple_count; i++) {
+       /*
+        * We could use krb5_keysalt_iterate to replace this loop, or use
+        * krb5_keysalt_is_present for the loop below, but we want to avoid
+        * circular library dependencies.
+        */
+       found = 0;
+       for (j = 0; j < i; j++) {
+           if ((ks_tuple[j].ks_keytype == ks_tuple[i].ks_keytype) &&
+               (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype)) {
+               found = 1;
+               break;
+           }
+       }
+       if (found)
+           continue;
        krb5_use_keytype(context, &key_eblock, ks_tuple[i].ks_keytype);
        if (retval = krb5_dbe_create_key_data(context, db_entry)) 
            return(retval);
@@ -303,6 +338,7 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd,
            key_salt.data = *saltdata;
            krb5_xfree(saltdata);
        }
+               break;
        case KRB5_KDB_SALTTYPE_NOREALM:
             if (retval=krb5_principal2salt_norealm(context, db_entry->princ,
                                                          &key_salt.data)) 
@@ -329,8 +365,8 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd,
            return(retval);
 
        if (retval = krb5_dbekd_encrypt_key_data(context, master_eblock, &key,
-                    key_salt.type ? (const krb5_keysalt *)&key_salt : NULL,
-                    kvno + 1, &db_entry->key_data[i])) {
+                    (const krb5_keysalt *)&key_salt,
+                    kvno + 1, &db_entry->key_data[db_entry->n_key_data-1])) {
            krb5_xfree(key.contents);
            return(retval);
        }

diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_xdr.c
index ede37bf95b514bfaccb643e6abad3b3e23820c58..76286490ecfaa1b7fe19661113f7906cf0bbc636 100644 (file)
--- a/src/lib/kdb/kdb_xdr.c
+++ b/src/lib/kdb/kdb_xdr.c
@@ -112,6 +112,7 @@ krb5_dbe_decode_mod_princ_data(context, entry, mod_princ)
     krb5_tl_data        * tl_data;
     krb5_octet         * nextloc;
 
+    retval = 0;
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
        if (tl_data->tl_data_type == KRB5_TL_MOD_PRINC) {
            if ((*mod_princ = malloc(sizeof(krb5_tl_mod_princ))) == NULL)
@@ -135,7 +136,7 @@ krb5_dbe_decode_mod_princ_data(context, entry, mod_princ)
        }
     }
 
-    if (retval) 
+    if (retval && (*mod_princ)) 
        free(*mod_princ);
     return retval;
 }