Fixed memory leak pointed out by Rafal Malinowski, also while here
moved to use NegotiationToken for decoding. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21185 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -541,11 +541,11 @@ acceptor_start
|
|||||||
)
|
)
|
||||||
{
|
{
|
||||||
OM_uint32 ret, ret2, minor;
|
OM_uint32 ret, ret2, minor;
|
||||||
NegTokenInit ni;
|
NegotiationToken nt;
|
||||||
size_t ni_len;
|
size_t nt_len;
|
||||||
|
NegTokenInit *ni;
|
||||||
int i;
|
int i;
|
||||||
gss_buffer_desc data;
|
gss_buffer_desc data;
|
||||||
size_t len, taglen;
|
|
||||||
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
|
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
|
||||||
gss_buffer_desc mech_output_token;
|
gss_buffer_desc mech_output_token;
|
||||||
gss_buffer_desc mech_buf;
|
gss_buffer_desc mech_buf;
|
||||||
@@ -582,39 +582,30 @@ acceptor_start
|
|||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
ret = der_match_tag_and_length(data.value, data.length,
|
ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
|
||||||
ASN1_C_CONTEXT, CONS,
|
gss_release_buffer(minor_status, &data);
|
||||||
0,
|
|
||||||
&len, &taglen);
|
|
||||||
if (ret) {
|
|
||||||
*minor_status = ret;
|
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (len > data.length - taglen) {
|
|
||||||
*minor_status = ASN1_OVERRUN;
|
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = decode_NegTokenInit((const unsigned char *)data.value + taglen,
|
|
||||||
len, &ni, &ni_len);
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
*minor_status = ret;
|
*minor_status = ret;
|
||||||
return GSS_S_DEFECTIVE_TOKEN;
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
}
|
}
|
||||||
|
if (nt.element != choice_NegotiationToken_negTokenInit) {
|
||||||
|
*minor_status = 0;
|
||||||
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
|
}
|
||||||
|
ni = &nt.u.negTokenInit;
|
||||||
|
|
||||||
if (ni.mechTypes.len < 1) {
|
if (ni->mechTypes.len < 1) {
|
||||||
free_NegTokenInit(&ni);
|
free_NegotiationToken(&nt);
|
||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return GSS_S_DEFECTIVE_TOKEN;
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
||||||
|
|
||||||
ret = copy_MechTypeList(&ni.mechTypes, &ctx->initiator_mech_types);
|
ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
||||||
free_NegTokenInit(&ni);
|
free_NegotiationToken(&nt);
|
||||||
*minor_status = ret;
|
*minor_status = ret;
|
||||||
return GSS_S_FAILURE;
|
return GSS_S_FAILURE;
|
||||||
}
|
}
|
||||||
@@ -627,17 +618,17 @@ acceptor_start
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
ret = select_mech(minor_status,
|
ret = select_mech(minor_status,
|
||||||
&ni.mechTypes.val[0],
|
&ni->mechTypes.val[0],
|
||||||
0,
|
0,
|
||||||
&preferred_mech_type);
|
&preferred_mech_type);
|
||||||
|
|
||||||
if (ret == 0 && ni.mechToken != NULL) {
|
if (ret == 0 && ni->mechToken != NULL) {
|
||||||
gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
|
gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
|
||||||
gss_cred_id_t mech_cred;
|
gss_cred_id_t mech_cred;
|
||||||
gss_buffer_desc ibuf;
|
gss_buffer_desc ibuf;
|
||||||
|
|
||||||
ibuf.length = ni.mechToken->length;
|
ibuf.length = ni->mechToken->length;
|
||||||
ibuf.value = ni.mechToken->data;
|
ibuf.value = ni->mechToken->data;
|
||||||
mech_input_token = &ibuf;
|
mech_input_token = &ibuf;
|
||||||
|
|
||||||
if (acceptor_cred != NULL)
|
if (acceptor_cred != NULL)
|
||||||
@@ -681,7 +672,7 @@ acceptor_start
|
|||||||
&mech_buf,
|
&mech_buf,
|
||||||
mech_input_token,
|
mech_input_token,
|
||||||
&mech_output_token,
|
&mech_output_token,
|
||||||
ni.mechListMIC,
|
ni->mechListMIC,
|
||||||
output_token);
|
output_token);
|
||||||
if (ret != GSS_S_COMPLETE)
|
if (ret != GSS_S_COMPLETE)
|
||||||
goto out;
|
goto out;
|
||||||
@@ -697,9 +688,9 @@ acceptor_start
|
|||||||
if (!first_ok) {
|
if (!first_ok) {
|
||||||
|
|
||||||
/* Call glue layer to find first mech we support */
|
/* Call glue layer to find first mech we support */
|
||||||
for (i = 1; i < ni.mechTypes.len; ++i) {
|
for (i = 1; i < ni->mechTypes.len; ++i) {
|
||||||
ret = select_mech(minor_status,
|
ret = select_mech(minor_status,
|
||||||
&ni.mechTypes.val[i],
|
&ni->mechTypes.val[i],
|
||||||
1,
|
1,
|
||||||
&preferred_mech_type);
|
&preferred_mech_type);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
@@ -707,7 +698,7 @@ acceptor_start
|
|||||||
}
|
}
|
||||||
if (preferred_mech_type == GSS_C_NO_OID) {
|
if (preferred_mech_type == GSS_C_NO_OID) {
|
||||||
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
||||||
free_NegTokenInit(&ni);
|
free_NegotiationToken(&nt);
|
||||||
return GSS_S_BAD_MECH;
|
return GSS_S_BAD_MECH;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -735,7 +726,8 @@ out:
|
|||||||
free(mech_buf.value);
|
free(mech_buf.value);
|
||||||
mech_buf.value = NULL;
|
mech_buf.value = NULL;
|
||||||
}
|
}
|
||||||
free_NegTokenInit(&ni);
|
free_NegotiationToken(&nt);
|
||||||
|
|
||||||
|
|
||||||
if (ret == GSS_S_COMPLETE) {
|
if (ret == GSS_S_COMPLETE) {
|
||||||
if (src_name != NULL && ctx->mech_src_name != NULL) {
|
if (src_name != NULL && ctx->mech_src_name != NULL) {
|
||||||
@@ -790,10 +782,9 @@ acceptor_continue
|
|||||||
)
|
)
|
||||||
{
|
{
|
||||||
OM_uint32 ret, ret2, minor;
|
OM_uint32 ret, ret2, minor;
|
||||||
NegTokenResp na;
|
NegotiationToken nt;
|
||||||
size_t na_len;
|
size_t nt_len;
|
||||||
gss_buffer_desc data;
|
NegTokenResp *na;
|
||||||
size_t len, taglen;
|
|
||||||
unsigned int negResult = accept_incomplete;
|
unsigned int negResult = accept_incomplete;
|
||||||
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
|
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
|
||||||
gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
|
gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
|
||||||
@@ -810,32 +801,21 @@ acceptor_continue
|
|||||||
* context token (negTokenInit).
|
* context token (negTokenInit).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
data.value = input_token_buffer->value;
|
ret = decode_NegotiationToken(input_token_buffer->value,
|
||||||
data.length = input_token_buffer->length;
|
input_token_buffer->length,
|
||||||
|
&nt, &nt_len);
|
||||||
ret = der_match_tag_and_length(data.value, data.length,
|
|
||||||
ASN1_C_CONTEXT, CONS,
|
|
||||||
1,
|
|
||||||
&len, &taglen);
|
|
||||||
if (ret) {
|
|
||||||
*minor_status = ret;
|
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (len > data.length - taglen) {
|
|
||||||
*minor_status = ASN1_OVERRUN;
|
|
||||||
return GSS_S_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = decode_NegTokenResp((const unsigned char *)data.value + taglen,
|
|
||||||
len, &na, &na_len);
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
*minor_status = ret;
|
*minor_status = ret;
|
||||||
return GSS_S_DEFECTIVE_TOKEN;
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
}
|
}
|
||||||
|
if (nt.element != choice_NegotiationToken_negTokenResp) {
|
||||||
|
*minor_status = 0;
|
||||||
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
|
}
|
||||||
|
na = &nt.u.negTokenResp;
|
||||||
|
|
||||||
if (na.negResult != NULL) {
|
if (na->negResult != NULL) {
|
||||||
negResult = *(na.negResult);
|
negResult = *(na->negResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
|
||||||
@@ -846,9 +826,9 @@ acceptor_continue
|
|||||||
int require_response;
|
int require_response;
|
||||||
heim_octet_string *mic;
|
heim_octet_string *mic;
|
||||||
|
|
||||||
if (na.responseToken != NULL) {
|
if (na->responseToken != NULL) {
|
||||||
ibuf.length = na.responseToken->length;
|
ibuf.length = na->responseToken->length;
|
||||||
ibuf.value = na.responseToken->data;
|
ibuf.value = na->responseToken->data;
|
||||||
mech_input_token = &ibuf;
|
mech_input_token = &ibuf;
|
||||||
} else {
|
} else {
|
||||||
ibuf.value = NULL;
|
ibuf.value = NULL;
|
||||||
@@ -901,7 +881,7 @@ acceptor_continue
|
|||||||
mech_output_token = &obuf;
|
mech_output_token = &obuf;
|
||||||
}
|
}
|
||||||
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
|
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
|
||||||
free_NegTokenResp(&na);
|
free_NegotiationToken(&nt);
|
||||||
send_reject (minor_status, output_token);
|
send_reject (minor_status, output_token);
|
||||||
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
||||||
return ret;
|
return ret;
|
||||||
@@ -919,7 +899,7 @@ acceptor_continue
|
|||||||
|
|
||||||
ctx->require_mic = require_mic;
|
ctx->require_mic = require_mic;
|
||||||
|
|
||||||
mic = na.mechListMIC;
|
mic = na->mechListMIC;
|
||||||
if (mic != NULL)
|
if (mic != NULL)
|
||||||
require_mic = 1;
|
require_mic = 1;
|
||||||
|
|
||||||
@@ -930,7 +910,7 @@ acceptor_continue
|
|||||||
&mech_buf,
|
&mech_buf,
|
||||||
mech_input_token,
|
mech_input_token,
|
||||||
mech_output_token,
|
mech_output_token,
|
||||||
na.mechListMIC,
|
na->mechListMIC,
|
||||||
output_token);
|
output_token);
|
||||||
|
|
||||||
if (ctx->mech_flags & GSS_C_DCE_STYLE)
|
if (ctx->mech_flags & GSS_C_DCE_STYLE)
|
||||||
@@ -964,7 +944,7 @@ acceptor_continue
|
|||||||
gss_release_buffer(&minor, mech_output_token);
|
gss_release_buffer(&minor, mech_output_token);
|
||||||
if (mech_buf.value != NULL)
|
if (mech_buf.value != NULL)
|
||||||
free(mech_buf.value);
|
free(mech_buf.value);
|
||||||
free_NegTokenResp(&na);
|
free_NegotiationToken(&nt);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == GSS_S_COMPLETE) {
|
if (ret == GSS_S_COMPLETE) {
|
||||||
|
|||||||
Reference in New Issue
Block a user