From 48511d8c90034b7573d6c9e4e1bf65893750f146 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 17 Feb 2000 00:33:38 +0000
Subject: [PATCH] 	* auth_gssapi.c (auth_gssapi_create): Free call_res
 because 	xdr_authgssapi_init_res can potentially allocate memory. 
 Perhaps 	clnt_call should really deal with this, though.  It is not at
 all 	clear whether clnt_call or svc_getargs should actually end up 
 freeing allocated memory themselves.

	* svc_auth_gssapi.c (_svcauth_gssapi): Call gssrpc_xdr_free() if
	xdr_authgssapi_creds() or xdr_authgssapi_init_arg() fails.

	* auth_gssapi_misc.c (xdr_authgssapi_creds):
	(xdr_authgssapi_init_arg):
	(xdr_authgssapi_init_res): Revert prior change.  The caller should
	be the one dealing.  Additionally, it was probably wrong to
	unconditionally free the object regardless of whether the mode is
	XDR_DECODE.
	(auth_gssapi_unwrap_data): Use temp_xdrs rather than in_xdrs to
	force XDR_FREE operation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12051 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/rpc/ChangeLog          | 22 ++++++++++++++
 src/lib/rpc/auth_gssapi.c      |  3 +-
 src/lib/rpc/auth_gssapi_misc.c | 52 +++++++++++-----------------------
 src/lib/rpc/svc_auth_gssapi.c  |  3 ++
 4 files changed, 43 insertions(+), 37 deletions(-)

diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog
index 9dca9664f..444225c2a 100644
--- a/src/lib/rpc/ChangeLog
+++ b/src/lib/rpc/ChangeLog
@@ -1,3 +1,25 @@
+2000-02-16  Tom Yu  <tlyu@mit.edu>
+
+	* auth_gssapi.c (auth_gssapi_create): Free call_res because
+	xdr_authgssapi_init_res can potentially allocate memory.  Perhaps
+	clnt_call should really deal with this, though.  It is not at all
+	clear whether clnt_call or svc_getargs should actually end up
+	freeing allocated memory themselves.
+
+2000-02-15  Tom Yu  <tlyu@mit.edu>
+
+	* svc_auth_gssapi.c (_svcauth_gssapi): Call gssrpc_xdr_free() if
+	xdr_authgssapi_creds() or xdr_authgssapi_init_arg() fails.
+
+	* auth_gssapi_misc.c (xdr_authgssapi_creds):
+	(xdr_authgssapi_init_arg):
+	(xdr_authgssapi_init_res): Revert prior change.  The caller should
+	be the one dealing.  Additionally, it was probably wrong to
+	unconditionally free the object regardless of whether the mode is
+	XDR_DECODE.
+	(auth_gssapi_unwrap_data): Use temp_xdrs rather than in_xdrs to
+	force XDR_FREE operation.
+
 2000-02-14  Tom Yu  <tlyu@mit.edu>
 
 	* svc.c (xprt_register): Zero out xports after allocating.
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 1c85765c9..a81c2faf6 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -292,7 +292,8 @@ next_token:
 	  
 	  if (callstat != RPC_SUCCESS) {
 	       struct rpc_err err;
-	       
+
+	       xdr_free(xdr_authgssapi_init_res, &call_res);
 	       clnt_geterr(clnt, &err);
 	       if (callstat == RPC_AUTHERROR &&
 		   (err.re_why == AUTH_BADCRED || err.re_why == AUTH_FAILED)
diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c
index 4bc691178..fd9393c32 100644
--- a/src/lib/rpc/auth_gssapi_misc.c
+++ b/src/lib/rpc/auth_gssapi_misc.c
@@ -49,13 +49,9 @@ bool_t xdr_authgssapi_creds(xdrs, creds)
    auth_gssapi_creds *creds;
 {
      if (! xdr_u_int32(xdrs, &creds->version) ||
-	 ! xdr_bool(xdrs, &creds->auth_msg))
-	     return FALSE;
-     if (! xdr_gss_buf(xdrs, &creds->client_handle)) {
-	     xdrs->x_op = XDR_FREE;
-	     (void)xdr_gss_buf(xdrs, &creds->client_handle);
-	     return FALSE;
-     }
+	 ! xdr_bool(xdrs, &creds->auth_msg) ||
+	 ! xdr_gss_buf(xdrs, &creds->client_handle))
+       return FALSE;
      return TRUE;
 }
 
@@ -63,13 +59,9 @@ bool_t xdr_authgssapi_init_arg(xdrs, init_arg)
    XDR *xdrs;
    auth_gssapi_init_arg *init_arg;
 {
-     if (! xdr_u_int32(xdrs, &init_arg->version))
-	     return FALSE;
-     if (! xdr_gss_buf(xdrs, &init_arg->token)) {
-	     xdrs->x_op = XDR_FREE;
-	     (void)xdr_gss_buf(xdrs, &init_arg->token);
-	     return FALSE;
-     }
+     if (! xdr_u_int32(xdrs, &init_arg->version) ||
+	 ! xdr_gss_buf(xdrs, &init_arg->token))
+	  return FALSE;
      return TRUE;
 }
 
@@ -77,26 +69,13 @@ bool_t xdr_authgssapi_init_res(xdrs, init_res)
    XDR *xdrs;
    auth_gssapi_init_res *init_res;
 {
-     if (! xdr_u_int32(xdrs, &init_res->version))
-	     return FALSE;
-     if (! xdr_gss_buf(xdrs, &init_res->client_handle)) {
-	     xdrs->x_op = XDR_FREE;
-	     (void)xdr_gss_buf(xdrs, &init_res->client_handle);
-	     return FALSE;
-     }
-     if (! xdr_u_int32(xdrs, &init_res->gss_major) ||
-	 ! xdr_u_int32(xdrs, &init_res->gss_minor))
-	     return FALSE;
-     if (! xdr_gss_buf(xdrs, &init_res->token)) {
-	     xdrs->x_op =  XDR_FREE;
-	     (void)xdr_gss_buf(xdrs, &init_res->token);
-	     return FALSE;
-     }
-     if (! xdr_gss_buf(xdrs, &init_res->signed_isn)) {
-	     xdrs->x_op = XDR_FREE;
-	     (void)xdr_gss_buf(xdrs, &init_res->signed_isn);
-	     return FALSE;
-     }
+     if (! xdr_u_int32(xdrs, &init_res->version) ||
+	 ! xdr_gss_buf(xdrs, &init_res->client_handle) ||
+	 ! xdr_u_int32(xdrs, &init_res->gss_major) ||
+	 ! xdr_u_int32(xdrs, &init_res->gss_minor) ||
+	 ! xdr_gss_buf(xdrs, &init_res->token) ||
+	 ! xdr_gss_buf(xdrs, &init_res->signed_isn))
+	  return FALSE;
      return TRUE;
 }
 
@@ -288,8 +267,8 @@ bool_t auth_gssapi_unwrap_data(major, minor, context, seq_num,
      if (! xdr_bytes(in_xdrs, (char **) &in_buf.value, 
 		     (unsigned int *) &in_buf.length, (unsigned int) -1)) {
 	 PRINTF(("gssapi_unwrap_data: deserializing encrypted data failed\n"));
-	 in_xdrs->x_op = XDR_FREE;
-	 (void)xdr_bytes(in_xdrs, (char **) &in_buf.value,
+	 temp_xdrs.x_op = XDR_FREE;
+	 (void)xdr_bytes(&temp_xdrs, (char **) &in_buf.value,
 			 (unsigned int *) &in_buf.length,
 			 (unsigned int) -1);
 	 return FALSE;
@@ -326,6 +305,7 @@ bool_t auth_gssapi_unwrap_data(major, minor, context, seq_num,
      if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
 	  PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
 	  gss_release_buffer(minor, &out_buf);
+	  gssrpc_xdr_free(xdr_func, xdr_ptr);
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
index df59859f0..b1c275a4e 100644
--- a/src/lib/rpc/svc_auth_gssapi.c
+++ b/src/lib/rpc/svc_auth_gssapi.c
@@ -162,6 +162,7 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
      if (! xdr_authgssapi_creds(&xdrs, &creds)) {
 	  PRINTF(("svcauth_gssapi: failed decoding creds\n"));
 	  LOG_MISCERR("protocol error in client credentials");
+	  gssrpc_xdr_free(xdr_authgssapi_creds, &creds);
 	  XDR_DESTROY(&xdrs);
 	  ret = AUTH_BADCRED;
 	  goto error;
@@ -270,6 +271,7 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
 			    &call_arg)) {
 	       PRINTF(("svcauth_gssapi: cannot decode args\n"));
 	       LOG_MISCERR("protocol error in procedure arguments");
+	       xdr_free(xdr_authgssapi_init_arg, &call_arg);
 	       ret = AUTH_BADCRED;
 	       goto error;
 	  }
@@ -550,6 +552,7 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
 				      &call_arg)) {
 			 PRINTF(("svcauth_gssapi: cannot decode args\n"));
 			 LOG_MISCERR("protocol error in call arguments");
+			 xdr_free(xdr_authgssapi_init_arg, &call_arg);
 			 ret = AUTH_BADCRED;
 			 goto error;
 		    }
-- 
2.26.2