From e7df183dde42daf848f584781ef95897832e35e0 Mon Sep 17 00:00:00 2001 From: Paul Park Date: Wed, 9 Aug 1995 21:23:47 +0000 Subject: [PATCH] Fix various memory allocation and key/salt tuple related bugs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6485 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kdb/ChangeLog | 15 ++++++++++++++ src/lib/kdb/kdb_cpw.c | 46 ++++++++++++++++++++++++++++++++++++++----- src/lib/kdb/kdb_xdr.c | 3 ++- 3 files changed, 58 insertions(+), 6 deletions(-) diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 2a9b62a08..415fc4148 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,4 +1,19 @@ +Wed Aug 9 17:17:36 EDT 1995 Paul Park (pjpark@mit.edu) + * kdb_cpw.c - Add check for uniqueness of key or key/salt combo. Don't + generate a new key_data entry if one already exists. Also, + fill in the key_data list at the end so as not to overwrite + already present data. + - Free krbtgt_keyblock contents in add_key_rnd(). + - Put a "break" at the end of the KRB5_KDB_SALTTYPE_ONLYREALM + in add_key_pwd(). Also pass in key_salt to encrypt_key_data + always. + * kdb_xdr.c - initialize retval to 0 in decode_mod_princ data. This is + questionable whether we should return an error if there's no + mod_princ data. Also, free the allocated mod_princ only if + we allocated it and there's a failure. + + Wed Aug 9 09:47:08 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_cpw.c(add_key_rnd) - Terminate the variable length argument list to krb5_build_principal_ext() with a zero. diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index 5625459a6..990d3e8e6 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c 
@@ -80,10 +80,11 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) krb5_pointer krbtgt_seed; krb5_encrypt_block krbtgt_eblock; krb5_db_entry krbtgt_entry; - krb5_boolean more; + krb5_boolean more, found; int max_kvno, one, i, j; krb5_error_code retval; + memset(&krbtgt_keyblock, 0, sizeof(krbtgt_keyblock)); retval = krb5_build_principal_ext(context, &krbtgt_princ, db_entry->princ->realm.length, db_entry->princ->realm.data, @@ -116,6 +117,20 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) } for (i = 0; i < ks_tuple_count; i++) { + /* + * We could use krb5_keysalt_iterate to replace this loop, or use + * krb5_keysalt_is_present for the loop below, but we want to avoid + * circular library dependencies. + */ + found = 0; + for (j = 0; j < i; j++) { + if (ks_tuple[j].ks_keytype == ks_tuple[i].ks_keytype) { + found = 1; + break; + } + } + if (found) + continue; if (retval = krb5_dbe_create_key_data(context, db_entry)) goto add_key_rnd_err; @@ -163,7 +178,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) if (retval = krb5_dbekd_encrypt_key_data(context, master_eblock, key, NULL, kvno + 1, - db_entry->key_data)) { + &db_entry->key_data[db_entry->n_key_data-1])) { krb5_free_keyblock(context, key); goto add_key_rnd_err; } @@ -174,6 +189,10 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) add_key_rnd_err:; krb5_db_free_principal(context, &krbtgt_entry, one); + if (krbtgt_keyblock.contents && krbtgt_keyblock.length) { + memset(krbtgt_keyblock.contents, 0, krbtgt_keyblock.length); + krb5_xfree(krbtgt_keyblock.contents); + } return(retval); } 
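Review bot: The duplicate scan added at the top of the `for (i = 0; i < ks_tuple_count; i++)` loop in add_key_rnd compares only `ks_keytype`, and the comment above it does not say why the salt type is ignored. The encrypt call later in this function passes `NULL` for the key/salt argument, so this looks deliberate; a line such as `/* Random keys are stored without a salt, so only the key type has to be unique. */` would record it. The same comment block is copied verbatim into add_key_pwd (hunk at -285,9), and in both places "the loop below" has no clear referent. The scan also only looks at earlier tuples in `ks_tuple`, not at key_data already present in `db_entry`, which the ChangeLog wording "if one already exists" may lead a reader to expect.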
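Review bot: The index in `&db_entry->key_data[db_entry->n_key_data-1]` is only valid if krb5_dbe_create_key_data() appended a slot and incremented `n_key_data` earlier in the same iteration, and nothing at the call site says so. A comment at the krb5_dbekd_encrypt_key_data() call, for example `/* last slot: the one krb5_dbe_create_key_data() appended above */`, would make the dependency explicit; add_key_pwd's call (hunk at -329,8) uses the same expression. If the encrypt call fails, the newly created slot appears to stay in `db_entry` unfilled; whether callers discard the entry on error is not visible here. The loop body starts outside this hunk.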
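Review bot: In the cleanup added after `add_key_rnd_err:`, the guard `krbtgt_keyblock.contents && krbtgt_keyblock.length` skips `krb5_xfree()` when `contents` is set but `length` is zero, so that buffer would leak; testing the pointer alone, `if (krbtgt_keyblock.contents) {`, is enough because a zero-length `memset()` is harmless. The `memset()` is also followed directly by the free, so an optimizing compiler may drop it as a dead store and leave the key bytes in freed memory. A wipe the compiler cannot elide (for example `explicit_bzero()` or `memset_s()` where the platform provides one) avoids that. The function body begins outside this hunk.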
@@ -285,9 +304,25 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd, krb5_keysalt key_salt; krb5_keyblock key; krb5_data pwd; - int i; + krb5_boolean found; + int i, j; for (i = 0; i < ks_tuple_count; i++) { + /* + * We could use krb5_keysalt_iterate to replace this loop, or use + * krb5_keysalt_is_present for the loop below, but we want to avoid + * circular library dependencies. + */ + found = 0; + for (j = 0; j < i; j++) { + if ((ks_tuple[j].ks_keytype == ks_tuple[i].ks_keytype) && + (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype)) { + found = 1; + break; + } + } + if (found) + continue; krb5_use_keytype(context, &key_eblock, ks_tuple[i].ks_keytype); if (retval = krb5_dbe_create_key_data(context, db_entry)) return(retval); @@ -303,6 +338,7 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd, key_salt.data = *saltdata; krb5_xfree(saltdata); } + break; case KRB5_KDB_SALTTYPE_NOREALM: if (retval=krb5_principal2salt_norealm(context, db_entry->princ, &key_salt.data)) @@ -329,8 +365,8 @@ add_key_pwd(context, master_eblock, ks_tuple, ks_tuple_count, passwd, return(retval); if (retval = krb5_dbekd_encrypt_key_data(context, master_eblock, &key, - key_salt.type ? (const krb5_keysalt *)&key_salt : NULL, - kvno + 1, &db_entry->key_data[i])) { + (const krb5_keysalt *)&key_salt, + kvno + 1, &db_entry->key_data[db_entry->n_key_data-1])) { krb5_xfree(key.contents); return(retval); } diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_xdr.c index ede37bf95..76286490e 100644 --- a/src/lib/kdb/kdb_xdr.c +++ b/src/lib/kdb/kdb_xdr.c @@ -112,6 +112,7 @@ krb5_dbe_decode_mod_princ_data(context, entry, mod_princ) krb5_tl_data * tl_data; krb5_octet * nextloc; + retval = 0; for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) { if (tl_data->tl_data_type == KRB5_TL_MOD_PRINC) { if ((*mod_princ = malloc(sizeof(krb5_tl_mod_princ))) == NULL) 
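Review bot: The error path of the krb5_dbekd_encrypt_key_data() call in add_key_pwd releases `key.contents` with `krb5_xfree()` without clearing it, although this same commit adds a wipe for `krbtgt_keyblock` in add_key_rnd's cleanup. `key` is presumably the password-derived key, so it should be cleared too: `memset(key.contents, 0, key.length);` before `krb5_xfree(key.contents);`. Separately, `&key_salt` is now passed unconditionally. That is only safe if every branch of the salt-type switch, most of which lies outside this hunk, fills `key_salt.data`; this should be confirmed.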
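Review bot: With `retval = 0;` added before the loop, krb5_dbe_decode_mod_princ_data() returns success when no `KRB5_TL_MOD_PRINC` item is present, without ever writing `*mod_princ`. A caller that trusts the return value then reads whatever its pointer held before the call. Setting the output next to the new initializer, `*mod_princ = NULL;`, gives callers a defined value to test. The ChangeLog entry already calls this case questionable, so the function's header comment should state which result callers get. The loop body continues outside this hunk.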
@@ -135,7 +136,7 @@ krb5_dbe_decode_mod_princ_data(context, entry, mod_princ) } } - if (retval) + if (retval && (*mod_princ)) free(*mod_princ); return retval; } -- 2.26.2
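Review bot: After `free(*mod_princ);` on the failure path the caller's pointer still holds the freed address, so a caller that cleans up its own `mod_princ` on error would free it a second time. Clearing it closes that: `if (retval && (*mod_princ)) { free(*mod_princ); *mod_princ = NULL; }`. The non-NULL test also only identifies an allocation made by this function if `*mod_princ` is NULL on entry, which the visible code does not establish. The function begins outside this hunk.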