From c042a565116a44e1c9e11ff179f41ec72cd3e5cb Mon Sep 17 00:00:00 2001
From: Ezra Peisach
Date: Sun, 13 Apr 2003 13:01:51 +0000
Subject: [PATCH] Obscure memory leak in asn1_decode_kdc_req_body

* asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if optional server field is lacking,
ticket: new
component: krb5-libs
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15350 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/asn.1/ChangeLog | 5 +++++
 src/lib/krb5/asn.1/asn1_k_decode.c | 16 +++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index b1ff161c4..01e6d96cd 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-13 Ezra Peisach
+
+ * asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if
+ optional server field is lacking,
+
 2003-03-11 Ken Raeburn
 
 * asn1_get.c (asn1_get_tag): Deleted.
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index c64ebb84e..a19dda2a3 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -541,7 +541,9 @@ asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
 asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
 {
 setup();
- { begin_structure();
+ {
+ krb5_principal psave;
+ begin_structure();
 get_field(val->kdc_options,0,asn1_decode_kdc_options);
 if(tagnum == 1){ alloc_field(val->client,krb5_principal_data); }
 opt_field(val->client,1,asn1_decode_principal_name,NULL);
@@ -550,7 +552,19 @@ asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
 if(val->client != NULL){
 retval = asn1_krb5_realm_copy(val->client,val->server);
 if(retval) return retval; }
+
+ /* If opt_field server is missing, memory reference to server is
+ lost and results in memory leak */
+ psave = val->server;
 opt_field(val->server,3,asn1_decode_principal_name,NULL);
+ if(val->server == NULL){
+ if(psave->realm.data) {
+ free(psave->realm.data);
+ psave->realm.data = NULL;
+ psave->realm.length=0;
+ }
+ free(psave);
+ }
 opt_field(val->from,4,asn1_decode_kerberos_time,0);
 get_field(val->till,5,asn1_decode_kerberos_time);
 opt_field(val->rtime,6,asn1_decode_kerberos_time,0);
--
2.26.2
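Review bot: The new cleanup under `if(val->server == NULL)` dereferences `psave` with no check of its own. It therefore relies on the allocation of `val->server`, which happens outside this hunk, having succeeded, and on `realm.data` being the only thing attached to the principal at this point. Writing the guard as `if(val->server == NULL && psave != NULL){` would make that assumption explicit. The inner block can shrink to `free(psave->realm.data); free(psave);`, because `free(NULL)` is a no-op and the two stores into `psave->realm` are dead once the struct is released. Since the sender of the request decides whether the server field is present, a decoder test that omits field 3 and runs under a leak checker would keep this path from regressing; the function body starts and ends outside the hunk.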