oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmind: kadmin_dispatch leaks memory

Browse Source 
Change-Id: I8bc332c4c9b7a8dc1d63494a82ec7af89c0ec7ca
This commit is contained in:
Jeffrey Altman
2016-11-19 07:43:39 -05:00
parent 055edd9669
commit bdfc24e9c0
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
kadmin/server.c
View File

@@ -49,7 +49,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
const char *op = ""; const char *op = "";
krb5_principal princ, princ2; krb5_principal princ, princ2;
kadm5_principal_ent_rec ent, ent_prev; kadm5_principal_ent_rec ent, ent_prev;
char *password, *expression; char *password = NULL, *expression;
krb5_keyblock *new_keys; krb5_keyblock *new_keys;
krb5_key_salt_tuple *ks_tuple = NULL; krb5_key_salt_tuple *ks_tuple = NULL;
krb5_boolean keepold = FALSE; krb5_boolean keepold = FALSE;
@@ -59,6 +59,7 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
int n_princs; int n_princs;
int keys_ok = 0; int keys_ok = 0;
krb5_storage *sp; krb5_storage *sp;
int len;
krb5_unparse_name_fixed(contextp->context, contextp->caller, krb5_unparse_name_fixed(contextp->context, contextp->caller,
client, sizeof(client)); client, sizeof(client));
@@ -182,8 +183,6 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
ent.principal); ent.principal);
if(ret){ if(ret){
kadm5_free_principal_ent(kadm_handlep, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
memset(password, 0, strlen(password));
free(password);
goto fail; goto fail;
} }
if ((mask & KADM5_TL_DATA)) { if ((mask & KADM5_TL_DATA)) {
@@ -194,16 +193,12 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
ret = check_aliases(contextp, &ent, NULL); ret = check_aliases(contextp, &ent, NULL);
if (ret) { if (ret) {
kadm5_free_principal_ent(kadm_handlep, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
memset(password, 0, strlen(password));
free(password);
goto fail; goto fail;
} }
} }
ret = kadm5_create_principal(kadm_handlep, &ent, ret = kadm5_create_principal(kadm_handlep, &ent,
mask, password); mask, password);
kadm5_free_principal_ent(kadm_handlep, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
memset(password, 0, strlen(password));
free(password);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -351,15 +346,11 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
if(ret) { if(ret) {
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password));
free(password);
goto fail; goto fail;
} }
ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL, ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL,
password); password);
krb5_free_principal(contextp->context, princ); krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password));
free(password);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -579,10 +570,20 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_store_int32(sp, KADM5_FAILURE); krb5_store_int32(sp, KADM5_FAILURE);
break; break;
} }
if (password != NULL) {
len = strlen(password);
memset_s(password, len, 0, len);
free(password);
}
krb5_storage_to_data(sp, out); krb5_storage_to_data(sp, out);
krb5_storage_free(sp); krb5_storage_free(sp);
return 0; return 0;
fail: fail:
if (password != NULL) {
len = strlen(password);
memset_s(password, len, 0, len);
free(password);
}
krb5_warn(contextp->context, ret, "%s", op); krb5_warn(contextp->context, ret, "%s", op);
krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_seek(sp, 0, SEEK_SET);
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);