pkinit: fix leak in client
This commit is contained in:
@@ -1091,6 +1091,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
struct krb5_pk_cert *host = NULL;
|
||||
krb5_data content;
|
||||
heim_octet_string unwrapped;
|
||||
heim_oid contentType = { 0, NULL };
|
||||
int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT;
|
||||
|
||||
@@ -1122,9 +1123,8 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
/* win2k uses ContentInfo */
|
||||
if (type == PKINIT_WIN2K) {
|
||||
heim_oid type2;
|
||||
heim_octet_string out;
|
||||
|
||||
ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
|
||||
ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &unwrapped, NULL);
|
||||
if (ret) {
|
||||
/* windows LH with interesting CMS packets */
|
||||
size_t ph = 1 + der_length_len(content.length);
|
||||
@@ -1143,7 +1143,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
content.data = ptr;
|
||||
content.length += ph;
|
||||
|
||||
ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
|
||||
ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &unwrapped, NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
@@ -1152,13 +1152,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("PKINIT: Invalid content type", ""));
|
||||
der_free_oid(&type2);
|
||||
der_free_octet_string(&out);
|
||||
der_free_octet_string(&unwrapped);
|
||||
goto out;
|
||||
}
|
||||
der_free_oid(&type2);
|
||||
krb5_data_free(&content);
|
||||
ret = krb5_data_copy(&content, out.data, out.length);
|
||||
der_free_octet_string(&out);
|
||||
ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length);
|
||||
der_free_octet_string(&unwrapped);
|
||||
if (ret) {
|
||||
krb5_set_error_message(context, ret,
|
||||
N_("malloc: out of memory", ""));
|
||||
@@ -1171,10 +1171,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
content.length,
|
||||
ctx->id,
|
||||
&contentType,
|
||||
&content,
|
||||
&unwrapped,
|
||||
&host);
|
||||
if (ret)
|
||||
goto out;
|
||||
krb5_data_free(&content);
|
||||
ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length);
|
||||
der_free_octet_string(&unwrapped);
|
||||
|
||||
/* make sure that it is the kdc's certificate */
|
||||
ret = pk_verify_host(context, realm, hi, ctx, host);
|
||||
@@ -1887,7 +1890,7 @@ _krb5_pk_load_id(krb5_context context,
|
||||
NULL, *chain_list);
|
||||
if (ret) {
|
||||
pk_copy_error(context, context->hx509ctx, ret,
|
||||
"Failed to laod chain %s",
|
||||
"Failed to load chain %s",
|
||||
*chain_list);
|
||||
goto out;
|
||||
}
|
||||
|
Reference in New Issue
Block a user