From 8769dc787edd9043fc3058efa9e302af89c41319 Mon Sep 17 00:00:00 2001
From: Chris Provenzano <proven@mit.edu>
Date: Mon, 12 Jun 1995 21:41:23 +0000
Subject: [PATCH] 	A couple bug reports/patches from Ed Phillips
 (flaregun@udel.edu) 	* in_tkt_ktb.c (keytab_keyproc()): Fix memory leak. 
 * recvauth.c (krb5_recvauth()): Don't open a new rcache if 		the
 auth_context already has one. 	* auth_con.c (krb5_auth_con_free()): Close
 rcache is the 		auth_context has one set. 	* auth_con.c
 (krb5_auth_con_getrcache()): Return pointer 		to the rcache set in
 the auth_context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6043 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog    | 12 +++++++
 src/lib/krb5/krb/auth_con.c   | 13 ++++++++
 src/lib/krb5/krb/in_tkt_ktb.c |  2 ++
 src/lib/krb5/krb/recvauth.c   | 60 ++++++++++++++++-------------------
 4 files changed, 54 insertions(+), 33 deletions(-)

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 141f8f447..f805e20eb 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,15 @@
+
+Mon Jun 12 16:49:42 1995  Chris Provenzano (proven@mit.edu)
+
+	A couple bug reports/patches from Ed Phillips (flaregun@udel.edu)
+	* in_tkt_ktb.c (keytab_keyproc()): Fix memory leak. 
+	* recvauth.c (krb5_recvauth()): Don't open a new rcache if
+		the auth_context already has one.
+	* auth_con.c (krb5_auth_con_free()): Close rcache is the
+		auth_context has one set.
+	* auth_con.c (krb5_auth_con_getrcache()): Return pointer
+		to the rcache set in the auth_context.
+
 Sun Jun 11 12:31:39 1995  Ezra Peisach  (epeisach@kangaroo.mit.edu)
 
 	* auth_con.c (krb5_auth_con_init): Zero newly allocated
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 86af54bff..840cfe82f 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -44,6 +44,8 @@ krb5_auth_con_free(context, auth_context)
 	krb5_free_keyblock(context, auth_context->local_subkey);
     if (auth_context->remote_subkey) 
 	krb5_free_keyblock(context, auth_context->remote_subkey);
+    if (auth_context->rcache)
+	krb5_rc_close(context, auth_context->rcache);
     free(auth_context);
     return 0;
 }
@@ -351,3 +353,14 @@ krb5_auth_con_setrcache(context, auth_context, rcache)
     auth_context->rcache = rcache;
     return 0;
 }
+    
+krb5_error_code
+krb5_auth_con_getrcache(context, auth_context, rcache)
+    krb5_context      	  context;
+    krb5_auth_context 	  auth_context;
+    krb5_rcache		* rcache;
+{
+    *rcache = auth_context->rcache;
+    return 0;
+}
+    
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index d5cbf1195..9cf295e83 100644
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -86,6 +86,8 @@ keytab_keyproc(context, type, salt, keyseed, key)
     }	
 
     (void) krb5_kt_free_entry(context, &kt_ent);
+    if (arg->keytab) 
+	krb5_kt_close(context, kt_id);
     *key = realkey;
     return 0;
 }
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index 27052fc41..77ea1cfc3 100644
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -130,23 +130,33 @@ krb5_recvauth(context, auth_context,
 		return(problem); /* We'll return the top-level problem */
 	}
 	if (problem)
-		return(problem);
+	    return(problem);
+
+    /* We are clear of errors here */
 
-/* Were clear here */
     /*
-     * Setup the replay cache.
+     * Now, let's read the AP_REQ message and decode it
      */
-    if (server) {
-        problem = krb5_get_server_rcache(context, 
-			krb5_princ_component(context, server, 0), &rcache);
-    } else {
-    	null_server.length = 7;
-    	null_server.data = "default";
-    	problem = krb5_get_server_rcache(context, &null_server, &rcache);
-    }
+    if (retval = krb5_read_message(context, fd, &inbuf))
+        return retval;
 
-    if (!problem) {
-	if (krb5_rc_recover(context, rcache)) {
+    if (*auth_context == NULL) {
+	problem = krb5_auth_con_init(context, &new_auth_context);
+	*auth_context = new_auth_context;
+    }
+    if ((!problem) && ((*auth_context)->rcache == NULL)) {
+        /*
+         * Setup the replay cache.
+         */
+        if (server) {
+            problem = krb5_get_server_rcache(context, 
+			krb5_princ_component(context, server, 0), &rcache);
+        } else {
+    	    null_server.length = 7;
+    	    null_server.data = "default";
+    	    problem = krb5_get_server_rcache(context, &null_server, &rcache);
+        }
+	if ((!problem) && krb5_rc_recover(context, rcache)) {
 	    /*
 	     * If the rc_recover() didn't work, then try
 	     * initializing the replay cache.
@@ -157,29 +167,12 @@ krb5_recvauth(context, auth_context,
 		rcache = NULL;
 	    }
 	}
-    }
-
-    /*
-     * Now, let's read the AP_REQ message and decode it
-     */
-    if ((retval = krb5_read_message(context, fd, &inbuf))) {
-	if (problem) /* Return top level problem */
-	    retval = problem; 
-	goto cleanup;
-    }
-
-    if (!problem) {
-    	if (*auth_context == NULL) {
-	    problem = krb5_auth_con_init(context, &new_auth_context);
-	    *auth_context = new_auth_context;
-	}
-    }
-    if (!problem) {
-	problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
+        if (!problem) 
+	    problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
     }
     if (!problem) {
 	problem = krb5_rd_req(context, auth_context, &inbuf, server,
-				      keytab, &ap_option, ticket);
+			      keytab, &ap_option, ticket);
 	krb5_xfree(inbuf.data);
     }
 	
@@ -240,6 +233,7 @@ cleanup:;
     if (retval) {
 	if (rcache)
 	    krb5_rc_close(context, rcache);
+	krb5_auth_con_free(context, *auth_context);
     }
     return retval;
 }
-- 
2.26.2