From cbf68e7ae3bbae299793240ee3b65a45bb09f7c6 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Sun, 4 Feb 2007 02:03:48 +0000 Subject: [PATCH] MEMORY keytab does not copy keytab_entry keyblock contents In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the keytab_entry keyblock contents - but instead retains a pointer to the incomming one. In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal keyblock contents memory is returned to the caller - which is subsequently freed when tht caller invokes krb5_free_keytab_entry_contents. Solution is to use krb5_copy_keyblock_contents() instead of simply copying the structure. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/keytab/kt_memory.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
index 5e550d492..7e055b737 100644
--- a/src/lib/krb5/keytab/kt_memory.c
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -442,12 +442,18 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
 out_entry->timestamp = entry->timestamp;
 out_entry->vno = entry->vno;
 out_entry->key = entry->key;
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(out_entry->key));
 /*
 * Coerce the enctype of the output keyblock in case we
 * got an inexact match on the enctype.
 */
 out_entry->key.enctype = enctype;
- err = krb5_copy_principal(context, entry->principal, &(out_entry->principal));
+ if(!err) {
+ err = krb5_copy_principal(context,
+ entry->principal,
+ &(out_entry->principal));
+ }
 } else {
 if (!err)
 err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
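Review bot: In krb5_mkt_get_entry, if krb5_copy_principal fails after krb5_copy_keyblock_contents has succeeded, the freshly allocated key contents in out_entry->key are not released on that path. The krb5_mkt_get_next hunk has the same gap, whereas the krb5_mkt_add hunk does free the key there. Because this is key material, the failure branch should call `krb5_free_keyblock_contents(context, &(out_entry->key));` (and the same on `&(entry->key)` in krb5_mkt_get_next), unless every caller is known to free the entry on error. The shallow copy `out_entry->key = entry->key;` kept just above is now redundant, and if the deep copy fails it may leave the output aliasing the keytab's internal contents, which is the condition this commit sets out to remove; krb5_mkt_add drops its equivalent line. Both function bodies extend beyond their hunks.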
@@ -524,7 +530,11 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
 entry->timestamp = mkt_cursor->entry->timestamp;
 entry->vno = mkt_cursor->entry->vno;
 entry->key = mkt_cursor->entry->key;
- err = krb5_copy_principal(context, mkt_cursor->entry->principal, &(entry->principal));
+ err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+ &(entry->key));
+ if (!err)
+ err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+ &(entry->principal));
 if (!err)
 *cursor = (krb5_kt_cursor *)mkt_cursor->next;
 KTUNLOCK(id);
@@ -571,9 +581,17 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 cursor->entry->magic = entry->magic;
 cursor->entry->timestamp = entry->timestamp;
 cursor->entry->vno = entry->vno;
- cursor->entry->key = entry->key;
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(cursor->entry->key));
+ if (err) {
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ goto done;
+ }
+
 err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
 if (err) {
+ krb5_free_keyblock_contents(context, &(cursor->entry->key));
 krb5_xfree(cursor->entry);
 krb5_xfree(cursor);
 goto done;
-- 2.26.2
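Review bot: krb5_mkt_add now stores a deep copy of the key, which changes who owns entry->key.contents, but nothing at the copy site records that. A comment above the krb5_copy_keyblock_contents call, such as `/* Keytab keeps private copies of key and principal; caller still owns *entry. */`, would stop callers from assuming the keytab took over their buffer and leaking key material. The two failure branches also repeat the same krb5_xfree pair, so a later change could update one and miss the other; a single cleanup label that frees the key contents only once they are allocated would avoid that. The `done` label and the rest of the function are outside the hunk.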