From: Greg Hudson Date: Wed, 10 Feb 2010 01:55:36 +0000 (+0000) Subject: Followon fixes to r23712: X-Git-Tag: krb5-1.9-beta1~354 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=11079f43e990d8150870a2c894e17e286f46c96c;p=krb5.git Followon fixes to r23712: * A few formatting fixes. * Fix unlikely leak in kdc_handle_protected_negotiation: if add_pa_data_element with copy == FALSE fails, it's still the caller's responsibility to free pa.contents. * Fix pre-existing (since r23465) leak of reply_encpart.enc_padata in process_as_req. * Call add_pa_data_element with copy == TRUE in return_referral_enc_padata since we are passing memory owned by the database entry. ticket: 6656 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23714 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index a5b710043..b183dcfc7 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -133,6 +133,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, server_keyblock.contents = NULL; client_keyblock.contents = NULL; reply.padata = 0; + reply_encpart.enc_padata = 0; memset(&reply, 0, sizeof(reply)); session_key.contents = 0; @@ -623,7 +624,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } errcode = return_enc_padata(kdc_context, req_pkt, request, - as_encrypting_key, &server, &reply_encpart, FALSE); + as_encrypting_key, &server, &reply_encpart, + FALSE); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; goto errout; @@ -689,6 +691,8 @@ egress: krb5_free_keyblock_contents(kdc_context, &client_keyblock); if (reply.padata != NULL) krb5_free_pa_data(kdc_context, reply.padata); + if (reply_encpart.enc_padata) + krb5_free_pa_data(kdc_context, reply_encpart.enc_padata); if (cname != NULL) free(cname); diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 52256e7bd..cb0496f9d 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -950,13 +950,14 @@ tgt_again: } errcode = return_enc_padata(kdc_context, pkt, request, reply_key, &server, &reply_encpart, - is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)); + is_referral && + isflagset(s_flags, + KRB5_KDB_FLAG_CANONICALIZE)); if (errcode) { status = "KDC_RETURN_ENC_PADATA"; goto cleanup; } - errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, subkey ? 1 : 0, reply_key, diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 05df3940c..00800aab0 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -3086,9 +3086,10 @@ include_pac_p(krb5_context context, krb5_kdc_req *request) static krb5_error_code return_referral_enc_padata( krb5_context context, - krb5_enc_kdc_rep_part *reply, krb5_db_entry *server) + krb5_enc_kdc_rep_part *reply, + krb5_db_entry *server) { - krb5_error_code code; + krb5_error_code code; krb5_tl_data tl_data; krb5_pa_data pa_data; @@ -3101,10 +3102,9 @@ return_referral_enc_padata( krb5_context context, pa_data.pa_type = KRB5_PADATA_SVR_REFERRAL_INFO; pa_data.length = tl_data.tl_data_length; pa_data.contents = tl_data.tl_data_contents; - return add_pa_data_element(context, &pa_data, &reply->enc_padata, FALSE); + return add_pa_data_element(context, &pa_data, &reply->enc_padata, TRUE); } - krb5_error_code return_enc_padata(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, krb5_keyblock *reply_key, diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 95f495a82..d63bba253 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -2697,9 +2697,9 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, pa.contents = (krb5_octet *) out->data; pa.length = out->length; retval = add_pa_data_element(kdc_context, &pa, out_enc_padata, FALSE); - out->data = NULL; if (retval) goto cleanup; + out->data = NULL; pa.magic = KV5M_PA_DATA; pa.pa_type = KRB5_PADATA_FX_FAST; pa.length = 0; diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 4b81376f3..03ecaf7c1 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -259,7 +259,7 @@ return_enc_padata(krb5_context context, krb5_keyblock *reply_key, krb5_db_entry *server, krb5_enc_kdc_rep_part *reply_encpart, -krb5_boolean is_referral); + krb5_boolean is_referral); krb5_error_code sign_db_authdata (krb5_context context,