From 00bea41dcb6c1a6a1822bf798d489fbce8515571 Mon Sep 17 00:00:00 2001
From: "Roland C. Dowdeswell" <elric@imrryr.org>
Date: Mon, 28 Nov 2011 13:41:38 +0000
Subject: [PATCH] Fix hdb_generate_key_set() to honour ks_tuple, n_ks_tuple.

The code was generating a char ** of string representations of the
ks_tuple() array but it was not using it.  We modify the code to:

	1.  extend the array returned by ks_tuple2str() to include
	    enough space for the trailing NULL and ensure that there
	    is a NULL at the end,

	2.  not free the array before exiting ks_tuple2str() as we
	    intend to use it in the caller,

	3.  re-organise the pointers in hdb_generate_key_set() to
	    make it more clear how we are to free things that have
	    been allocated.

	4.  free the char ** given us by ks_tuple2str() if it has
	    been allocated.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
---
 lib/hdb/keys.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c
index 8728c54d1..ff562c818 100644
--- a/lib/hdb/keys.c
+++ b/lib/hdb/keys.c
@@ -438,7 +438,7 @@ ks_tuple2str(krb5_context context, int n_ks_tuple,
 	if (n_ks_tuple < 1)
 		return 0;
 
-	if ((ksnames = calloc(n_ks_tuple, sizeof (*ksnames))) == NULL)
+	if ((ksnames = calloc(n_ks_tuple + 1, sizeof (*ksnames))) == NULL)
 		return (errno);
 
 	for (i = 0; i < n_ks_tuple; i++) {
@@ -458,8 +458,9 @@ ks_tuple2str(krb5_context context, int n_ks_tuple,
 	    free(sname);
 	}
 
+	ksnames[i] = NULL;
 	*ks_tuple_strs = ksnames;
-	rc = 0;
+	return 0;
 
 out:
 	for (i = 0; i < n_ks_tuple; i++)
@@ -485,6 +486,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
     Key *k, *key_set;
     size_t i, j;
     char **ks_tuple_strs;
+    char **config_ktypes = NULL;
     static const char *default_keytypes[] = {
 	"aes256-cts-hmac-sha1-96:pw-salt",
 	"des3-cbc-sha1:pw-salt",
@@ -495,9 +497,12 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
     if ((ret = ks_tuple2str(context, n_ks_tuple, ks_tuple, &ks_tuple_strs)))
 	    return ret;
 
-    if (ks_tuple_strs == NULL)
-	ktypes = krb5_config_get_strings(context, NULL, "kadmin",
-					 "default_keys", NULL);
+    ktypes = ks_tuple_strs;
+    if (ktypes == NULL) {
+	config_ktypes = krb5_config_get_strings(context, NULL, "kadmin",
+						"default_keys", NULL);
+	ktypes = config_ktypes;
+    }
     if (ktypes == NULL)
 	ktypes = (char **)(intptr_t)default_keytypes;
 
@@ -567,8 +572,12 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
     *ret_key_set = key_set;
 
  out:
-    if (ktypes != (char **)(intptr_t)default_keytypes)
-	krb5_config_free_strings(ktypes);
+    if (config_ktypes != NULL)
+	krb5_config_free_strings(config_ktypes);
+
+    for(kp = ks_tuple_strs; kp && *kp; kp++)
+	free(kp);
+    free(ks_tuple_strs);
 
     if (ret) {
 	krb5_warn(context, ret,