From fd862bbdc55f3e0b7a44b2ee26f01affc999a665 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 9 Jun 2011 21:08:57 +0000
Subject: [PATCH] pull up r24937 from trunk

 ------------------------------------------------------------------------
 r24937 | ghudson | 2011-05-21 22:08:37 -0400 (Sat, 21 May 2011) | 10 lines

 ticket: 6913
 subject: Fix multiple tl-data updates over iprop
 target_version: 1.9.2
 tags: pullup

 krb5_dbe_update_tl_data() accepts a single read-only tl-data entry,
 but ulog_conv_2dbentry() expects it to process a full list.  Fix
 ulog_conv_2dbentry() to call krb5_db2_update_tl_data() on each entry
 individually, simplifying its memory management in the process.

ticket: 6913
version_fixed: 1.9.2
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24955 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kdb/kdb_convert.c | 43 ++++++++-------------------------------
 1 file changed, 8 insertions(+), 35 deletions(-)

diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 20bcc31e8..365407d29 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -585,7 +585,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
     int i, j, cnt = 0, mod_time = 0, nattrs;
     krb5_principal dbprinc;
     char *dbprincstr = NULL;
-    krb5_tl_data *newtl = NULL;
+    krb5_tl_data newtl;
     krb5_error_code ret;
     unsigned int prev_n_keys = 0;
     krb5_boolean is_add;
@@ -732,40 +732,13 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
             break;
 
         case AT_TL_DATA: {
-            int t;
-
-            cnt = u.av_tldata.av_tldata_len;
-            newtl = calloc(cnt, sizeof (krb5_tl_data));
-            if (newtl == NULL)
-                return (ENOMEM);
-
-            for (j = 0, t = 0; j < cnt; j++) {
-                newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
-                newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
-                newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
-                if (newtl[t].tl_data_contents == NULL)
-                    /* XXX Memory leak: newtl
-                       and previously
-                       allocated elements.  */
-                    return (ENOMEM);
-
-                (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
-                newtl[t].tl_data_next = NULL;
-                if (t > 0)
-                    newtl[t - 1].tl_data_next = &newtl[t];
-                t++;
-            }
-
-            if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
-                return (ret);
-            for (j = 0; j < t; j++)
-                if (newtl[j].tl_data_contents) {
-                    free(newtl[j].tl_data_contents);
-                    newtl[j].tl_data_contents = NULL;
-                }
-            if (newtl) {
-                free(newtl);
-                newtl = NULL;
+            for (j = 0; j < (int)u.av_tldata.av_tldata_len; j++) {
+                newtl.tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
+                newtl.tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
+                newtl.tl_data_contents = (krb5_octet *)u.av_tldata.av_tldata_val[j].tl_data.tl_data_val;
+                newtl.tl_data_next = NULL;
+                if ((ret = krb5_dbe_update_tl_data(context, ent, &newtl)))
+                    return (ret);
             }
             break;
 /* END CSTYLED */
-- 
2.26.2