From 27b2c92d428e60241434633ad0ed6958a46d8ced Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Sat, 25 Jun 1994 01:04:03 +0000
Subject: [PATCH] Plug memory leaks, and other miscellaneous bugs reported by
 Jim Miller

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3914 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/server/ChangeLog      | 15 +++++++++++++++
 src/kadmin/server/adm_adm_func.c | 17 ++++++++++++++++-
 src/kadmin/server/adm_process.c  |  6 +++++-
 3 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 src/kadmin/server/ChangeLog

diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
new file mode 100644
index 000000000..50600c6b3
--- /dev/null
+++ b/src/kadmin/server/ChangeLog
@@ -0,0 +1,15 @@
+Fri Jun 24 20:39:37 1994  Theodore Y. Ts'o  (tytso at tsx-11)
+
+	* adm_process.c (process_client): Plug memory leaks
+
+	* adm_adm_func. (adm_inq_old_key): Plug memory leaks, return error
+	  when adm_fmt_prt returns an error
+
+	* adm_adm_func.c (adm_mod_old_key): Plug memory leaks, report error
+	  if put_principal returns an error.
+
+	* adm_adm_func.c (adm_change_pwd_rnd): Fix syslog information
+
+	* adm_adm_func.c (adm_build_key): Plug memory leak
+
+
diff --git a/src/kadmin/server/adm_adm_func.c b/src/kadmin/server/adm_adm_func.c
index 32cb2d44e..2499c5173 100644
--- a/src/kadmin/server/adm_adm_func.c
+++ b/src/kadmin/server/adm_adm_func.c
@@ -154,6 +154,7 @@ krb5_db_entry entry;
     
     /* Send private message to Client */
     if (krb5_write_message(&client_server_info.client_socket, &msg_data)){
+	free(msg_data.data);
 	com_err("adm_build_key", 0, "Error Performing Password Write");
 	return(5);		/* Protocol Failure */
     }
@@ -280,7 +281,7 @@ krb5_ticket *client_creds;
 
     
     syslog(LOG_AUTH | LOG_INFO, 
-	   "Remote Administrative Addition Request for %s by %s", 
+	   "Remote Administrative Random Password Change Request for %s by %s", 
 	   customer_name, client_server_info.name_of_client);
     
     if (retval = krb5_parse_name(customer_name, &newprinc)) {
@@ -523,6 +524,7 @@ krb5_ticket *client_creds;
 	
 	if (!adm_princ_exists("adm_mod_old_key", newprinc,
 			      &entry, &nprincs)) {
+	    krb5_db_free_principal(&entry, nprincs);
 	    com_err("adm_mod_old_key", 0, 
 		    "principal '%s' is not in the database", 
 		    customer_name);
@@ -562,6 +564,7 @@ krb5_ticket *client_creds;
 	free(outbuf.data);
 	
 	if (krb5_write_message(&client_server_info.client_socket, &msg_data)){
+	    free(msg_data.data);
 	    krb5_free_principal(newprinc);
 	    krb5_db_free_principal(&entry, nprincs);
 	    com_err("adm_mod_old_key", 0, 
@@ -680,6 +683,12 @@ krb5_ticket *client_creds;
 	}
 	
 	retval = krb5_db_put_principal(&entry, &one);
+	if (retval) {
+	    com_err("adm_mod_old_key", retval, "while storing principal");
+	    krb5_free_principal(newprinc);
+	    krb5_db_free_principal(&entry, nprincs);
+	    return(8);		/* Update failed */
+	}
 	one = 1;
     }	/* for */
     
@@ -746,6 +755,7 @@ krb5_ticket *client_creds;
     
     if (!adm_princ_exists("adm_inq_old_key", newprinc,
 			  &entry, &nprincs)) {
+	krb5_db_free_principal(&entry, nprincs);
 	krb5_free_principal(newprinc);
 	free(fullname);
 	com_err("adm_inq_old_key", 0, "principal '%s' is not in the database", 
@@ -767,6 +777,7 @@ krb5_ticket *client_creds;
 	krb5_free_principal(newprinc);
 	free(fullname);
 	com_err("adm_inq_old_key", 0, "Unable to Format Inquiry Data");
+	return(5);		/* XXX protocol failure --- not right, but.. */
     }
     outbuf.length = strlen(outbuf.data);
     krb5_db_free_principal(&entry, nprincs);
@@ -788,9 +799,11 @@ krb5_ticket *client_creds;
 	free(outbuf.data);
 	return(5);		/* Protocol Failure */
     }
+    free(outbuf.data);
     
     /* Send Inquiry Information */
     if (krb5_write_message(&client_server_info.client_socket, &msg_data)){
+	free(msg_data.data);
 	com_err("adm_inq_old_key", 0, "Error Performing Write");
 	return(5);		/* Protocol Failure */
     }
@@ -820,6 +833,8 @@ krb5_ticket *client_creds;
 	return(5);		/* Protocol Failure */
     }
     
+    /* XXX Decrypt client response.... and we don't use it?!? */
+    
     free(msg_data.data);
     free(inbuf.data);
     return(retval);
diff --git a/src/kadmin/server/adm_process.c b/src/kadmin/server/adm_process.c
index 98b98bafe..2eba71860 100644
--- a/src/kadmin/server/adm_process.c
+++ b/src/kadmin/server/adm_process.c
@@ -277,8 +277,10 @@ char *prog;
 			error_message(retval));
 	(void) sprintf(retbuf, "kadmind error during recvauth: %s\n", 
 			error_message(retval));
-	exit(1);
+	krb5_free_keyblock(cpw_key.key);
+	goto finish;
     }
+    krb5_free_keyblock(cpw_key.key);
 
     /* Check if ticket was issued using password (and not tgt)
      * within the last 5 minutes
@@ -355,6 +357,7 @@ char *prog;
 			0,
 			0,
 			&msg_data))) {
+	free(inbuf.data);
 	syslog(LOG_ERR, "kadmind error: rd_priv:%s\n", error_message(retval));
 	goto finish;
     }
@@ -427,6 +430,7 @@ char *prog;
         /* Send Final Reply to Client */
     if (retval = krb5_write_message(&client_server_info.client_socket,
 					&msg_data)){
+	free(msg_data.data);
 	syslog(LOG_ERR, "Error Performing Final Write: %s",
 			error_message(retval));
 	retval = 1;
-- 
2.26.2