oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: use _gss_secure_release_buffer_[set]

Browse Source 
Use new helper APIs for securely zeroing and releasing buffers and buffer sets.
This commit is contained in:
Luke Howard
2020-04-15 16:20:06 +10:00
parent 689eef20ec
commit 2c8fa27224
8 changed files with 14 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/gssapi/mech/gss_cred.c
View File

@@ -90,13 +90,13 @@ gss_export_cred(OM_uint32 * minor_status,
if (buffer.length) {
bytes = krb5_storage_write(sp, buffer.value, buffer.length);
if (bytes < 0 || (size_t)bytes != buffer.length) {
gss_release_buffer(minor_status, &buffer);
_gss_secure_release_buffer(minor_status, &buffer);
krb5_storage_free(sp);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
}
gss_release_buffer(minor_status, &buffer);
_gss_secure_release_buffer(minor_status, &buffer);
}
ret = krb5_storage_to_data(sp, &data);

2
lib/gssapi/mech/gss_duplicate_cred.c
View File

@@ -53,7 +53,7 @@ copy_cred_element(OM_uint32 *minor_status,
major_status = m->gm_export_cred(minor_status, mc->gmc_cred, &export);
if (major_status == GSS_S_COMPLETE) {
major_status = m->gm_import_cred(minor_status, &export, &dup_cred);
gss_release_buffer(&tmp, &export);
_gss_secure_release_buffer(&tmp, &export);
}
} else {
struct _gss_mechanism_name mn;

2
lib/gssapi/mech/gss_export_sec_context.c
View File

@@ -84,7 +84,7 @@ gss_export_sec_context(OM_uint32 *minor_status,
p[1] = m->gm_mech_oid.length;
memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length);
memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length);
gss_release_buffer(minor_status, &buf);
_gss_secure_release_buffer(minor_status, &buf);
} else {
_gss_mg_error(m, *minor_status);
}

6
lib/gssapi/mech/gss_inquire_cred_by_oid.c
View File

@@ -58,8 +58,8 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
m = mc->gmc_mech;
if (m == NULL) {
gss_release_buffer_set(minor_status, &set);
*minor_status = 0;
_gss_secure_release_buffer_set(minor_status, &set);
minor_status = 0;
return GSS_S_BAD_MECH;
}
@@ -79,7 +79,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
if (status != GSS_S_COMPLETE)
break;
}
gss_release_buffer_set(minor_status, &rset);
_gss_secure_release_buffer_set(minor_status, &rset);
}
if (set == GSS_C_NO_BUFFER_SET && status == GSS_S_COMPLETE)
status = GSS_S_FAILURE;

6
lib/gssapi/mech/gss_krb5.c
View File

@@ -383,7 +383,7 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
*rctx = ctx;
out:
gss_release_buffer_set(minor_status, &data_set);
_gss_secure_release_buffer_set(minor_status, &data_set);
if (sp)
krb5_storage_free(sp);
if (context)
@@ -736,7 +736,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status,
return major_status;
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
_gss_secure_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
@@ -757,7 +757,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status,
ret = krb5_ret_keyblock(sp, *keyblock);
out:
gss_release_buffer_set(minor_status, &data_set);
_gss_secure_release_buffer_set(minor_status, &data_set);
if (sp)
krb5_storage_free(sp);
if (ret && keyblock) {