hx509_request_get_san can return an output string on failure

Tighten up all of the call sites of hx509_request_get_san()
to free the output string returned upon failure.

Use frees(&s) instead of free(s); s = NULL;.

Change-Id: I71035d7c1d2330a1a3a1b3b730cdd6ba1e6b7da3
Jeffrey Altman
2022-01-16 21:36:09 -05:00
parent 3065730b8a
commit 708d9b4042
3 changed files with 14 additions and 9 deletions


@@ -694,13 +694,12 @@ check_authz(krb5_context context,
_kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0_type", "%s", _kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0_type", "%s",
san_type_s); san_type_s);
_kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0", "%s", s); _kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0", "%s", s);
free(s);
} }
frees(&s);
ret = hx509_request_get_eku(reqctx->csr, 0, &s); ret = hx509_request_get_eku(reqctx->csr, 0, &s);
if (ret == 0) { if (ret == 0)
_kdc_audit_addkv((kdc_request_t)reqctx, 0, "eku0", "%s", s); _kdc_audit_addkv((kdc_request_t)reqctx, 0, "eku0", "%s", s);
free(s); free(s);
}
return 0; return 0;
} }
if (ret != KRB5_PLUGIN_NO_HANDLE) { if (ret != KRB5_PLUGIN_NO_HANDLE) {
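Review bot: The new `frees(&s);` after the `if (ret == 0) { ... }` block has no comment saying why the free moved out of the success branch, so a later cleanup could easily fold it back in. I would add `/* hx509_request_get_san() may set s even when it fails */` above it. The only `frees()` definition visible in this commit is the `static` helper added to another file, so confirm this file already has its own definition in scope. The EKU branch below keeps a plain `free(s);` before `return 0;`, which is safe because `s` is not read again, but it mixes the two styles within one function. check_authz starts and continues outside the hunk.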


@@ -157,6 +157,13 @@ string_encode(const char *in)
return s; return s;
} }
static void
frees(char **s)
{
free(*s);
*s = NULL;
}
static KRB5_LIB_CALL krb5_error_code static KRB5_LIB_CALL krb5_error_code
authorize(void *ctx, authorize(void *ctx,
krb5_context context, krb5_context context,
@@ -235,12 +242,12 @@ authorize(void *ctx,
ret = stat(p, &st) == -1 ? errno : 0; ret = stat(p, &st) == -1 ? errno : 0;
free(san); free(san);
free(p); free(p);
free(s); frees(&s);
s = NULL;
if (ret) if (ret)
goto skip; goto skip;
ret = hx509_request_authorize_san(csr, i); ret = hx509_request_authorize_san(csr, i);
} }
frees(&s);
if (ret == HX509_NO_ITEM) if (ret == HX509_NO_ITEM)
ret = 0; ret = 0;
if (ret) if (ret)
@@ -257,8 +264,7 @@ authorize(void *ctx,
goto enomem; goto enomem;
ret = stat(p, &st) == -1 ? errno : 0; ret = stat(p, &st) == -1 ? errno : 0;
free(p); free(p);
free(s); frees(&s);
s = NULL;
if (ret) if (ret)
goto skip; goto skip;
ret = hx509_request_authorize_eku(csr, i); ret = hx509_request_authorize_eku(csr, i);
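Review bot: In the EKU loop the `goto enomem;` is taken while `s` still holds the string, because the `frees(&s);` only comes two lines later, after `stat()`. The `enomem` label is outside the hunk, so whether it releases `s` cannot be seen here; if it does not, put `frees(&s);` before the jump or at the label. The same applies to any matching `goto enomem;` in the SAN loop above the visible lines. The new helper would also benefit from a one-line comment such as `/* Free *s and reset it to NULL, so a repeated call is a no-op */`. authorize() starts and ends outside these hunks.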


@@ -2353,7 +2353,6 @@ count_sans(hx509_request req, size_t *n)
for (i = 0; ret == 0; i++) { for (i = 0; ret == 0; i++) {
hx509_san_type san_type; hx509_san_type san_type;
frees(&s);
ret = hx509_request_get_san(req, i, &san_type, &s); ret = hx509_request_get_san(req, i, &san_type, &s);
if (ret) if (ret)
break; break;
@@ -2370,6 +2369,7 @@ count_sans(hx509_request req, size_t *n)
} }
frees(&s); frees(&s);
} }
free(s);
return ret == HX509_NO_ITEM ? 0 : ret; return ret == HX509_NO_ITEM ? 0 : ret;
} }
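Review bot: Dropping the `frees(&s);` at the top of the loop makes the body depend on every path reaching the `frees(&s);` at the bottom before the next `hx509_request_get_san()` call overwrites `s`. The lines between the two hunks are not visible, so if any of them can `continue` or otherwise skip the bottom free, the previous string is leaked. Keeping the top-of-loop `frees(&s);` costs nothing, since freeing NULL is a no-op, and the added `free(s);` after the loop would still cover the failure `break`. The final `free(s);` also assumes `s` starts as NULL or is always written by the callee; its declaration is outside the hunk, so confirm the initialiser.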