From b0bc54c9212028d6701157295bf081dbf8e386f2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 3 Mar 2022 17:49:36 +0100
Subject: [PATCH] lib/krb5: let krb5_init_creds_step() return an allocated out buffer

It should not return pointers to the internal state, this matches the way the krb5_init_creds_step() works in MIT.

NOTE: commit 1cdc9d5f3cff0288846c29c35ee91b6056a2e2bb "krb5: export krb5_init_creds_step()" exported krb5_init_creds_step() the first time, but that's not in any released version, so it should be fine to change the behavior as there can't be any external users of the function.

Signed-off-by: Stefan Metzmacher
---
 lib/krb5/init_creds_pw.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index dc090ded3..4985d709b 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -3411,8 +3411,11 @@ init_creds_step(krb5_context context,
 if(len != ctx->req_buffer.length)
 krb5_abortx(context, "internal error in ASN.1 encoder");
- out->data = ctx->req_buffer.data;
- out->length = ctx->req_buffer.length;
+ ret = krb5_data_copy(out,
+ ctx->req_buffer.data,
+ ctx->req_buffer.length);
+ if (ret)
+ goto out;
 *flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE;
@@ -3434,8 +3437,8 @@ init_creds_step(krb5_context context,
 *
 * @param context a Kerberos 5 context.
 * @param ctx ctx krb5_init_creds_context context.
- * @param in input data from KDC, first round it should be reset by krb5_data_zer().
- * @param out reply to KDC.
+ * @param in input data from KDC, first round it should be reset by krb5_data_zero().
+ * @param out reply to KDC. The caller needs to call krb5_data_free()
 * @param flags status of the round, if
 * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round.
 * 
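Review bot: The new `krb5_data_copy()` call gives `out` its own heap buffer, but nothing in the hunk says why a copy rather than handing over `ctx->req_buffer` is wanted, and `req_buffer` visibly stays in the context; a one-line comment above the call, `/* out is caller-owned; ctx->req_buffer stays with the context */`, would stop a later cleanup from turning this back into aliasing. The copy also writes over `out` without releasing anything a reused krb5_data may still hold, so a caller looping on KRB5_INIT_CREDS_STEP_FLAG_CONTINUE has to free `out` before every call, which only krb5_init_creds_get is shown doing in this patch. On the new ENOMEM `goto out` path `*flags` is not assigned; whether the `out:` label resets it is outside this hunk, so `flags` should be documented as meaningful only when the function returns 0. init_creds_step starts and ends outside the hunk.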
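Review bot: The new `@param out` sentence says the caller must call krb5_data_free() but not when, and with the CONTINUE loop that is the part that matters, since the buffer is replaced on every round; I would write `@param out reply to KDC, allocated by this call; the caller must release it with krb5_data_free() after each round, before calling again.` The hunk does not show what `out` holds when the function returns non-zero, so the comment should also tell callers to krb5_data_zero() it before the first call and free it unconditionally afterwards, which is safe on a zeroed krb5_data. The doc block's opening line is outside the hunk.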
@@ -3701,6 +3704,7 @@ krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) ret = krb5_sendto_context (context, stctx, &out, ctx->cred.client->realm, &in); + krb5_data_free(&out); if (ret) goto out;
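Review bot: `krb5_data_free(&out);` after krb5_sendto_context() only runs on a round that reaches the send; the round on which krb5_init_creds_step() returns without KRB5_INIT_CREDS_STEP_FLAG_CONTINUE, and any error return from it, leave the loop with whatever `out` holds, and neither path passes this new free. Unless the `out:` label, which is outside the hunk, already frees `out`, add `krb5_data_free(&out);` there and make sure `out` is krb5_data_zero()'d before the first step call if it is not already, so that the free is valid on every exit. Freeing before the `if (ret)` check is the right order, since the request is not needed once sent, but the hunk does not show whether `in` gets the same per-round release. krb5_init_creds_get starts and ends outside the hunk.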