oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(tgs_rep2): try to avoid leaking auth_context

Browse Source 
use free_ent


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9033 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2000-09-10 14:17:36 +00:00
parent edd9d8dd4d
commit 735d459976
1 changed files with 16 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
kdc/kerberos5.c
View File

@@ -864,15 +864,10 @@ out2:
free(client_name); free(client_name);
krb5_free_principal(context, server_princ); krb5_free_principal(context, server_princ);
free(server_name); free(server_name);
if(client){ if(client)
hdb_free_entry(context, client); free_ent(client);
free(client); if(server)
} free_ent(server);
if(server){
hdb_free_entry(context, server);
free(server);
}
return ret; return ret;
} }
@@ -1418,6 +1413,7 @@ tgs_rep2(KDC_REQ_BODY *b,
ac, ac,
&subkey); &subkey);
if(ret){ if(ret){
krb5_auth_con_free(context, ac);
kdc_log(0, "Failed to get remote subkey: %s", kdc_log(0, "Failed to get remote subkey: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out2; goto out2;
@@ -1425,18 +1421,21 @@ tgs_rep2(KDC_REQ_BODY *b,
if(subkey == NULL){ if(subkey == NULL){
ret = krb5_auth_con_getkey(context, ac, &subkey); ret = krb5_auth_con_getkey(context, ac, &subkey);
if(ret) { if(ret) {
krb5_auth_con_free(context, ac);
kdc_log(0, "Failed to get session key: %s", kdc_log(0, "Failed to get session key: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out2; goto out2;
} }
} }
if(subkey == NULL){ if(subkey == NULL){
krb5_auth_con_free(context, ac);
kdc_log(0, "Failed to get key for enc-authorization-data"); kdc_log(0, "Failed to get key for enc-authorization-data");
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
goto out2; goto out2;
} }
ret = krb5_crypto_init(context, subkey, 0, &crypto); ret = krb5_crypto_init(context, subkey, 0, &crypto);
if (ret) { if (ret) {
krb5_auth_con_free(context, ac);
kdc_log(0, "krb5_crypto_init failed: %s", kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out2; goto out2;
@@ -1448,6 +1447,7 @@ tgs_rep2(KDC_REQ_BODY *b,
&ad); &ad);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if(ret){ if(ret){
krb5_auth_con_free(context, ac);
kdc_log(0, "Failed to decrypt enc-authorization-data"); kdc_log(0, "Failed to decrypt enc-authorization-data");
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
goto out2; goto out2;
@@ -1456,6 +1456,7 @@ tgs_rep2(KDC_REQ_BODY *b,
ALLOC(auth_data); ALLOC(auth_data);
ret = decode_AuthorizationData(ad.data, ad.length, auth_data, NULL); ret = decode_AuthorizationData(ad.data, ad.length, auth_data, NULL);
if(ret){ if(ret){
krb5_auth_con_free(context, ac);
free(auth_data); free(auth_data);
auth_data = NULL; auth_data = NULL;
kdc_log(0, "Failed to decode authorization data"); kdc_log(0, "Failed to decode authorization data");
@@ -1603,15 +1604,10 @@ tgs_rep2(KDC_REQ_BODY *b,
free(spn); free(spn);
free(cpn); free(cpn);
if(server){ if(server)
hdb_free_entry(context, server); free_ent(server);
free(server); if(client)
} free_ent(client);
if(client){
hdb_free_entry(context, client);
free(client);
}
} }
out2: out2:
if(ret) if(ret)
@@ -1635,10 +1631,8 @@ out2:
free(auth_data); free(auth_data);
} }
if(krbtgt){ if(krbtgt)
hdb_free_entry(context, krbtgt); free_ent(krbtgt);
free(krbtgt);
}
return ret; return ret;
} }