oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fix leak in krb5_rd_rep() callers

Browse Source
This commit is contained in:
Nicolas Williams
2016-11-20 15:51:47 -06:00
parent 943e76f99b
commit 6696920d9e
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/krb5/rd_rep.c
View File

@@ -45,6 +45,7 @@ krb5_rd_rep(krb5_context context,
krb5_data data; krb5_data data;
krb5_crypto crypto; krb5_crypto crypto;
*repl = NULL;
krb5_data_zero (&data); krb5_data_zero (&data);
ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
@@ -64,11 +65,11 @@ krb5_rd_rep(krb5_context context,
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
if (ret) if (ret)
goto out; goto out;
ret = krb5_decrypt_EncryptedData (context, ret = krb5_decrypt_EncryptedData(context,
crypto, crypto,
KRB5_KU_AP_REQ_ENC_PART, KRB5_KU_AP_REQ_ENC_PART,
&ap_rep.enc_part, &ap_rep.enc_part,
&data); &data);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if (ret) if (ret)
goto out; goto out;
@@ -81,17 +82,15 @@ krb5_rd_rep(krb5_context context,
ret = decode_EncAPRepPart(data.data, data.length, *repl, &len); ret = decode_EncAPRepPart(data.data, data.length, *repl, &len);
if (ret) { if (ret) {
krb5_set_error_message(context, ret, N_("Failed to decode EncAPRepPart", "")); krb5_set_error_message(context, ret, N_("Failed to decode EncAPRepPart", ""));
return ret; goto out;
} }
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
if ((*repl)->ctime != auth_context->authenticator->ctime || if ((*repl)->ctime != auth_context->authenticator->ctime ||
(*repl)->cusec != auth_context->authenticator->cusec) (*repl)->cusec != auth_context->authenticator->cusec)
{ {
krb5_free_ap_rep_enc_part(context, *repl);
*repl = NULL;
ret = KRB5KRB_AP_ERR_MUT_FAIL; ret = KRB5KRB_AP_ERR_MUT_FAIL;
krb5_clear_error_message (context); krb5_clear_error_message(context);
goto out; goto out;
} }
} }
@@ -102,8 +101,12 @@ krb5_rd_rep(krb5_context context,
krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
out: out:
krb5_data_free (&data); if (ret) {
free_AP_REP (&ap_rep); krb5_free_ap_rep_enc_part(context, *repl);
*repl = NULL;
}
krb5_data_free(&data);
free_AP_REP(&ap_rep);
return ret; return ret;
} }