From: Greg Hudson Date: Fri, 9 Dec 2011 17:57:47 +0000 (+0000) Subject: Fix memory leaks in FAST TGS support X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=50fb5d3192e68abf02d2c1dbebe51b4eb268972c;p=krb5.git Fix memory leaks in FAST TGS support krb5int_fast_prep_req remove tgs from request->padata and needs to free it. get_creds.c needs to use a fresh FAST state for each TGS request to avoid leaking armor keys. ticket: 7026 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index ec660563a..7de338b12 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -320,6 +320,10 @@ krb5int_fast_prep_req(krb5_context context, krb5_free_data(context, encoded_fast_req); if (local_encoded_result) krb5_free_data(context, local_encoded_result); + if (tgs) { + free(tgs->contents); + free(tgs); + } state->fast_outer_request.padata = NULL; return retval; } diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index d1439586c..b009e6100 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -152,7 +152,6 @@ struct _krb5_tkt_creds_context { krb5_flags req_options; /* Caller-requested KRB5_GC_* options */ krb5_flags req_kdcopt; /* Caller-requested options as KDC options */ krb5_authdata **authdata; /* Caller-requested authdata */ - struct krb5int_fast_request_state *fast_state; /* The following fields are used in multiple steps. */ krb5_creds *cur_tgt; /* TGT to be used for next query */ @@ -168,6 +167,7 @@ struct _krb5_tkt_creds_context { int kdcopt; /* KDC options of request */ krb5_keyblock *subkey; /* subkey of request */ krb5_data previous_request; /* Encoded request (for TCP retransmission) */ + struct krb5int_fast_request_state *fast_state; /* The following fields are used when acquiring foreign TGTs. */ krb5_data *realm_path; /* Path from client to server realm */ @@ -268,6 +268,13 @@ make_request(krb5_context context, krb5_tkt_creds_context ctx, if (!krb5_c_valid_enctype(ctx->cur_tgt->keyblock.enctype)) return KRB5_PROG_ETYPE_NOSUPP; + /* Create a new FAST state structure to store this request's armor key. */ + krb5int_fast_free_state(context, ctx->fast_state); + ctx->fast_state = NULL; + code = krb5int_fast_make_state(context, &ctx->fast_state); + if (code) + return code; + code = krb5int_make_tgs_request(context, ctx->fast_state, ctx->cur_tgt, ctx->kdcopt, ctx->cur_tgt->addresses, NULL, @@ -1047,9 +1054,6 @@ krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, ctx = k5alloc(sizeof(*ctx), &code); if (ctx == NULL) goto cleanup; - code = krb5int_fast_make_state(context, &ctx->fast_state); - if (code) - goto cleanup; ctx->req_options = options; ctx->req_kdcopt = 0;