From: Ezra Peisach Date: Mon, 19 Nov 2001 18:29:45 +0000 (+0000) Subject: * gss-server.c (server_establish_context, sign_server): Ensure X-Git-Tag: krb5-1.3-alpha1~949 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0b9d961e7b1661e8d513028abfc31196813cf63c;p=krb5.git * gss-server.c (server_establish_context, sign_server): Ensure that memory blocks are only freed once. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13991 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 7eedd70e6..35f109349 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,8 @@ +2001-11-19 Ezra Peisach + + * gss-server.c (server_establish_context, sign_server): Ensure + that memory blocks are only freed once. + 2001-11-07 Ezra Peisach * gss-misc.c (recv_token): Do not attempt to malloc 0 bytes. diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index 28a8070db..8a394a5fa 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -150,6 +150,7 @@ static int server_establish_context(s, server_creds, context, client_name, free (recv_tok.value); recv_tok.value = NULL; } + if (! (token_flags & TOKEN_NOOP)) { if (log) fprintf(log, "Expected NOOP token, got %d token instead\n", @@ -182,7 +183,10 @@ static int server_establish_context(s, server_creds, context, client_name, NULL, /* ignore time_rec */ NULL); /* ignore del_cred_handle */ - free(recv_tok.value); + if(recv_tok.value) { + free(recv_tok.value); + recv_tok.value = NULL; + } if (send_tok.length != 0) { if (verbose && log) { @@ -418,7 +422,10 @@ static int sign_server(s, server_creds, export) if (token_flags & TOKEN_NOOP) { if (log) fprintf(log, "NOOP token\n"); - (void) gss_release_buffer(&min_stat, &xmit_buf); + if(xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } break; } @@ -432,7 +439,10 @@ static int sign_server(s, server_creds, export) if (log) fprintf(log, "Unauthenticated client requested authenticated services!\n"); - free (xmit_buf.value); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } return(-1); } @@ -441,13 +451,19 @@ static int sign_server(s, server_creds, export) &conf_state, (gss_qop_t *) NULL); if (maj_stat != GSS_S_COMPLETE) { display_status("unsealing message", maj_stat, min_stat); - free (xmit_buf.value); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } return(-1); } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { fprintf(stderr, "Warning! Message not encrypted.\n"); } - free (xmit_buf.value); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } } else { msg_buf = xmit_buf; @@ -474,18 +490,26 @@ static int sign_server(s, server_creds, export) display_status("signing message", maj_stat, min_stat); return(-1); } -if (token_flags & TOKEN_WRAPPED) - free (xmit_buf.value); + + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } /* Send the signature block to the client */ if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) return(-1); - (void) gss_release_buffer(&min_stat, &xmit_buf); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } } else { - if (token_flags & TOKEN_WRAPPED) - free (xmit_buf.value); + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } if (send_token(s, TOKEN_NOOP, empty_token) < 0) return(-1); }