From: Tom Yu Date: Sat, 28 Aug 2004 01:23:19 +0000 (+0000) Subject: * init_sec_context.c (make_ap_req_v1): Free checksum data X-Git-Tag: krb5-1.4-beta1~116 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cb531c31cca130913eee32e5c9b9dd7677bebb9b;p=krb5.git * init_sec_context.c (make_ap_req_v1): Free checksum data allocated by make_gss_checksum() to avoid leak. * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after checksum is verified, to avoid leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index ac27dec44..3237548d3 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,11 @@ +2004-08-27 Tom Yu + + * init_sec_context.c (make_ap_req_v1): Free checksum data + allocated by make_gss_checksum() to avoid leak. + + * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after + checksum is verified, to avoid leak. + 2004-08-26 Ken Raeburn * acquire_cred.c (krb5_gss_acquire_cred): Call diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index adc5ad918..3ffb5154d 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -301,8 +301,10 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; - if ((code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags, - checksum_data, k_cred, &ap_req))) + code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags, + checksum_data, k_cred, &ap_req); + krb5_free_data_contents(context, &cksum_struct.checksum_data); + if (code) goto cleanup; /* store the interesting stuff from creds and authent */ diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c index 710c6f59d..9fa1bf755 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c @@ -477,14 +477,14 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, sum.checksum_type = ctx->cksumtype; err = krb5_c_verify_checksum(context, key, key_usage, &plain, &sum, &valid); + free(plain.data); + plain.data = NULL; if (err) { error: - free(plain.data); *minor_status = err; return GSS_S_BAD_SIG; /* XXX */ } if (!valid) { - free(plain.data); *minor_status = 0; return GSS_S_BAD_SIG; }