From 9d0c85dfe2d5fbe2449f67014217f8c3e05c865f Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 15 Feb 2000 05:12:30 +0000 Subject: [PATCH] * svc.c (xprt_register): Zero out xports after allocating * auth_gssapi_misc.c (xdr_authgssapi_creds): (xdr_authgssapi_init_arg): (xdr_authgssapi_init_res): (auth_gssapi_unwrap_data): If xdr_gss_buf or xdr_bytes fails, call again with XDR_FREE set so that allocated memory doesn't leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12041 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/rpc/ChangeLog | 10 ++++++ src/lib/rpc/auth_gssapi_misc.c | 56 ++++++++++++++++++++++++---------- src/lib/rpc/svc.c | 1 + 3 files changed, 51 insertions(+), 16 deletions(-) diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 77b0f06a0..9dca9664f 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,3 +1,13 @@ +2000-02-14 Tom Yu + + * svc.c (xprt_register): Zero out xports after allocating. + + * auth_gssapi_misc.c (xdr_authgssapi_creds): + (xdr_authgssapi_init_arg): + (xdr_authgssapi_init_res): + (auth_gssapi_unwrap_data): If xdr_gss_buf or xdr_bytes fails, call + again with XDR_FREE set so that allocated memory doesn't leak. + 2000-01-24 Tom Yu * get_myaddress.c (gssrpc_get_myaddress): Copy in from NetBSD; diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c index 818aaeb46..4bc691178 100644 --- a/src/lib/rpc/auth_gssapi_misc.c +++ b/src/lib/rpc/auth_gssapi_misc.c @@ -49,9 +49,13 @@ bool_t xdr_authgssapi_creds(xdrs, creds) auth_gssapi_creds *creds; { if (! xdr_u_int32(xdrs, &creds->version) || - ! xdr_bool(xdrs, &creds->auth_msg) || - ! xdr_gss_buf(xdrs, &creds->client_handle)) - return FALSE; + ! xdr_bool(xdrs, &creds->auth_msg)) + return FALSE; + if (! xdr_gss_buf(xdrs, &creds->client_handle)) { + xdrs->x_op = XDR_FREE; + (void)xdr_gss_buf(xdrs, &creds->client_handle); + return FALSE; + } return TRUE; } @@ -59,9 +63,13 @@ bool_t xdr_authgssapi_init_arg(xdrs, init_arg) XDR *xdrs; auth_gssapi_init_arg *init_arg; { - if (! xdr_u_int32(xdrs, &init_arg->version) || - ! xdr_gss_buf(xdrs, &init_arg->token)) - return FALSE; + if (! xdr_u_int32(xdrs, &init_arg->version)) + return FALSE; + if (! xdr_gss_buf(xdrs, &init_arg->token)) { + xdrs->x_op = XDR_FREE; + (void)xdr_gss_buf(xdrs, &init_arg->token); + return FALSE; + } return TRUE; } @@ -69,13 +77,26 @@ bool_t xdr_authgssapi_init_res(xdrs, init_res) XDR *xdrs; auth_gssapi_init_res *init_res; { - if (! xdr_u_int32(xdrs, &init_res->version) || - ! xdr_gss_buf(xdrs, &init_res->client_handle) || - ! xdr_u_int32(xdrs, &init_res->gss_major) || - ! xdr_u_int32(xdrs, &init_res->gss_minor) || - ! xdr_gss_buf(xdrs, &init_res->token) || - ! xdr_gss_buf(xdrs, &init_res->signed_isn)) - return FALSE; + if (! xdr_u_int32(xdrs, &init_res->version)) + return FALSE; + if (! xdr_gss_buf(xdrs, &init_res->client_handle)) { + xdrs->x_op = XDR_FREE; + (void)xdr_gss_buf(xdrs, &init_res->client_handle); + return FALSE; + } + if (! xdr_u_int32(xdrs, &init_res->gss_major) || + ! xdr_u_int32(xdrs, &init_res->gss_minor)) + return FALSE; + if (! xdr_gss_buf(xdrs, &init_res->token)) { + xdrs->x_op = XDR_FREE; + (void)xdr_gss_buf(xdrs, &init_res->token); + return FALSE; + } + if (! xdr_gss_buf(xdrs, &init_res->signed_isn)) { + xdrs->x_op = XDR_FREE; + (void)xdr_gss_buf(xdrs, &init_res->signed_isn); + return FALSE; + } return TRUE; } @@ -264,11 +285,14 @@ bool_t auth_gssapi_unwrap_data(major, minor, context, seq_num, in_buf.value = NULL; out_buf.value = NULL; - if (! xdr_bytes(in_xdrs, (char **) &in_buf.value, (unsigned int *) &in_buf.length, (unsigned int) -1)) { - PRINTF(("gssapi_unwrap_data: deserializing encrypted data failed\n")); - return FALSE; + PRINTF(("gssapi_unwrap_data: deserializing encrypted data failed\n")); + in_xdrs->x_op = XDR_FREE; + (void)xdr_bytes(in_xdrs, (char **) &in_buf.value, + (unsigned int *) &in_buf.length, + (unsigned int) -1); + return FALSE; } *major = gss_unseal(minor, context, &in_buf, &out_buf, &conf, diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c index f38b0debc..3118df241 100644 --- a/src/lib/rpc/svc.c +++ b/src/lib/rpc/svc.c @@ -90,6 +90,7 @@ xprt_register(xprt) if (xports == NULL) { xports = (SVCXPRT **) mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *)); + memset(xports, 0, FD_SETSIZE * sizeof(SVCXPRT *)); } if (sock < _gssrpc_rpc_dtablesize()) { xports[sock] = xprt; -- 2.26.2