From b093eb3abf01697d364720738db2a0f81104b184 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Wed, 7 Jun 1995 00:40:44 +0000 Subject: [PATCH] (key_decrypt_keys): On error, when clearing keyblocks, set contents to null. (key_get_admin_entry): Allocate enough memory for admin_princ_name. Initialize akey and pkey to zero. Cannot use krb5_free_keyblock on stack based keyblock. (key_finish): Cannot use krb5_free_keyblock on bss based keyblock. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5960 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/v5server/ChangeLog | 11 +++++++++++ src/kadmin/v5server/srv_key.c | 20 +++++++++++++++----- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog index d357a39b4..afb7aa2b3 100644 --- a/src/kadmin/v5server/ChangeLog +++ b/src/kadmin/v5server/ChangeLog @@ -1,3 +1,14 @@ +Tue Jun 6 19:42:18 1995 Ezra Peisach + + * srv_key.c (key_decrypt_keys): On error, when clearing keyblocks, + set contents to null. + (key_get_admin_entry): Allocate enough memory for + admin_princ_name. + Initialize akey and pkey to zero. + Cannot use krb5_free_keyblock on stack + based keyblock. + (key_finish): Cannot use krb5_free_keyblock on bss based + keyblock. Mon Jun 5 14:14:10 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c(key_get_admin_entry) - When adding database entry for diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c index 8dba7c375..768b55b9d 100644 --- a/src/kadmin/v5server/srv_key.c +++ b/src/kadmin/v5server/srv_key.c @@ -108,12 +108,15 @@ key_get_admin_entry(kcontext) DPRINT(DEBUG_CALLS, key_debug_level, ("* key_get_admin_entry()\n")); kret = ENOMEM; realm_name = key_master_realm(); + + memset((char *) &akey, 0, sizeof(akey)); + memset((char *) &pkey, 0, sizeof(pkey)); /* * The admin principal format is: * /@ */ admin_princ_name = (char *) malloc((size_t) - ((2*strlen(realm_name)) + 2 + + ((2*strlen(realm_name)) + 3 + strlen(KRB5_ADM_SERVICE_NAME))); if (admin_princ_name) { /* Format the admin name */ @@ -155,8 +158,11 @@ key_get_admin_entry(kcontext) memcpy((char *) &madmin_key, (char *) &pkey, sizeof(pkey)); - if (akey.contents) - krb5_free_keyblock(kcontext, &akey); + if (akey.contents) { + memset((char *) &akey.contents, 0, + (size_t) akey.length); + krb5_xfree(akey.contents); + } madmin_key_init = 1; } else { @@ -510,7 +516,8 @@ key_init(kcontext, debug_level, enc_type, key_type, master_key_name, manual, mkeytab_init = 0; } if (madmin_key_init) { - krb5_free_keyblock(kcontext, &madmin_key); + memset((char *)madmin_key.contents, 0, madmin_key.length); + krb5_xfree(madmin_key.contents); madmin_key_init = 0; } } @@ -561,7 +568,8 @@ key_finish(kcontext, debug_level) mkeytab_init = 0; } if (madmin_key_init) { - krb5_free_keyblock(kcontext, &madmin_key); + memset((char *)madmin_key.contents, 0, madmin_key.length); + krb5_xfree(madmin_key.contents); madmin_key_init = 0; } krb5_db_fini(kcontext); @@ -772,11 +780,13 @@ key_decrypt_keys(kcontext, principal, eprimary, ealternate, primary, alternate) if (primary->contents) { memset((char *) primary->contents, 0, (size_t) primary->length); krb5_xfree(primary->contents); + primary->contents = 0; } if (alternate->contents) { memset((char *) alternate->contents, 0, (size_t) alternate->length); krb5_xfree(alternate->contents); + alternate->contents = 0; } } DPRINT(DEBUG_CALLS, key_debug_level, -- 2.26.2