check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
The ASN.1 functions copy_Realm(), copy_PrincipalName() and copy_EncryptionKey() can fail. Check the return and perform error handling as appropriate. Change-Id: I2b3629d19db96eb41d1cd554cef1dca99745e753
This commit is contained in:
Jeffrey Altman
@@ -1946,7 +1946,9 @@ _kdc_as_rep(kdc_request_t r,
|
||||
goto out;
|
||||
|
||||
rep.ticket.tkt_vno = 5;
|
||||
copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
|
||||
ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
_krb5_principal2principalname(&rep.ticket.sname,
|
||||
r->server->entry.principal);
|
||||
/* java 1.6 expects the name to be the same type, lets allow that
|
||||
@@ -2111,8 +2113,12 @@ _kdc_as_rep(kdc_request_t r,
|
||||
ALLOC(r->ek.renew_till);
|
||||
*r->ek.renew_till = *r->et.renew_till;
|
||||
}
|
||||
copy_Realm(&rep.ticket.realm, &r->ek.srealm);
|
||||
copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
|
||||
ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm);
|
||||
if (ret)
|
||||
goto out;
|
||||
ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
|
||||
if (ret)
|
||||
goto out;
|
||||
if(r->et.caddr){
|
||||
ALLOC(r->ek.caddr);
|
||||
copy_HostAddresses(r->et.caddr, r->ek.caddr);
|
||||
|
||||
@@ -807,15 +807,21 @@ tgs_make_reply(krb5_context context,
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
copy_Realm(&server_principal->realm, &rep.ticket.realm);
|
||||
ret = copy_Realm(&server_principal->realm, &rep.ticket.realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
_krb5_principal2principalname(&rep.ticket.sname, server_principal);
|
||||
copy_Realm(&tgt_name->realm, &rep.crealm);
|
||||
ret = copy_Realm(&tgt_name->realm, &rep.crealm);
|
||||
if (ret)
|
||||
goto out;
|
||||
/*
|
||||
if (f.request_anonymous)
|
||||
_kdc_make_anonymous_principalname (&rep.cname);
|
||||
else */
|
||||
|
||||
copy_PrincipalName(&tgt_name->name, &rep.cname);
|
||||
ret = copy_PrincipalName(&tgt_name->name, &rep.cname);
|
||||
if (ret)
|
||||
goto out;
|
||||
rep.ticket.tkt_vno = 5;
|
||||
|
||||
ek.caddr = et.caddr;
|
||||
|
||||
@@ -82,7 +82,9 @@ encode_ticket(krb5_context context,
|
||||
et.flags = cred->flags.b;
|
||||
et.key = cred->session;
|
||||
et.crealm = cred->client->realm;
|
||||
copy_PrincipalName(&cred->client->name, &et.cname);
|
||||
ret = copy_PrincipalName(&cred->client->name, &et.cname);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "copy_PrincipalName");
|
||||
{
|
||||
krb5_data empty_string;
|
||||
|
||||
@@ -127,7 +129,9 @@ encode_ticket(krb5_context context,
|
||||
|
||||
ticket.tkt_vno = 5;
|
||||
ticket.realm = cred->server->realm;
|
||||
copy_PrincipalName(&cred->server->name, &ticket.sname);
|
||||
ret = copy_PrincipalName(&cred->server->name, &ticket.sname);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "copy_PrincipalName");
|
||||
|
||||
ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
|
||||
if(ret)
|
||||
|
||||
@@ -117,8 +117,12 @@ _krb5_build_authenticator (krb5_context context,
|
||||
memset(&auth, 0, sizeof(auth));
|
||||
|
||||
auth.authenticator_vno = 5;
|
||||
copy_Realm(&cred->client->realm, &auth.crealm);
|
||||
copy_PrincipalName(&cred->client->name, &auth.cname);
|
||||
ret = copy_Realm(&cred->client->realm, &auth.crealm);
|
||||
if (ret)
|
||||
goto fail;
|
||||
ret = copy_PrincipalName(&cred->client->name, &auth.cname);
|
||||
if (ret)
|
||||
goto fail;
|
||||
|
||||
krb5_us_timeofday (context, &auth.ctime, &auth.cusec);
|
||||
|
||||
|
||||
@@ -355,11 +355,17 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
|
||||
krb_cred_info = enc_krb_cred_part.ticket_info.val;
|
||||
|
||||
copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
|
||||
ret = copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
|
||||
if (ret)
|
||||
goto out4;
|
||||
ALLOC(krb_cred_info->prealm, 1);
|
||||
copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
|
||||
ret = copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
|
||||
if (ret)
|
||||
goto out4;
|
||||
ALLOC(krb_cred_info->pname, 1);
|
||||
copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
|
||||
ret = copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
|
||||
if (ret)
|
||||
goto out4;
|
||||
ALLOC(krb_cred_info->flags, 1);
|
||||
*krb_cred_info->flags = out_creds->flags.b;
|
||||
ALLOC(krb_cred_info->authtime, 1);
|
||||
@@ -371,11 +377,17 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
ALLOC(krb_cred_info->renew_till, 1);
|
||||
*krb_cred_info->renew_till = out_creds->times.renew_till;
|
||||
ALLOC(krb_cred_info->srealm, 1);
|
||||
copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
|
||||
ret = copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
|
||||
if (ret)
|
||||
goto out4;
|
||||
ALLOC(krb_cred_info->sname, 1);
|
||||
copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
|
||||
ret = copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
|
||||
if (ret)
|
||||
goto out4;
|
||||
ALLOC(krb_cred_info->caddr, 1);
|
||||
copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
|
||||
ret = copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
|
||||
if (ret)
|
||||
goto out4;
|
||||
|
||||
krb5_free_creds (context, out_creds);
|
||||
|
||||
|
||||
@@ -271,7 +271,11 @@ krb5_rd_cred(krb5_context context,
|
||||
}
|
||||
if(creds->ticket.length != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
copy_EncryptionKey (&kci->key, &creds->session);
|
||||
ret = copy_EncryptionKey (&kci->key, &creds->session);
|
||||
if (ret) {
|
||||
krb5_free_creds(context, creds);
|
||||
goto out;
|
||||
}
|
||||
if (kci->prealm && kci->pname)
|
||||
_krb5_principalname2krb5_principal (context,
|
||||
&creds->client,
|
||||
|
||||
Reference in New Issue
Block a user