From c2961ced3c9a908bdb67e5d7ed877f685d7f515f Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Tue, 24 Mar 2015 14:32:32 -0500
Subject: [PATCH] Fix leak in kimpersonate
---
 kuser/kimpersonate.c | 110 +++++++++++++++++++++----------------------
 1 file changed, 55 insertions(+), 55 deletions(-)
diff --git a/kuser/kimpersonate.c b/kuser/kimpersonate.c
index 5b37a2095..a54635499 100644
--- a/kuser/kimpersonate.c
+++ b/kuser/kimpersonate.c
@@ -56,11 +56,11 @@ static const char *enc_type = "aes256-cts-hmac-sha1-96";
 static const char *session_enc_type = NULL;
 static void
-encode_ticket (krb5_context context,
- EncryptionKey *skey,
- krb5_enctype etype,
- int skvno,
- krb5_creds *cred)
+encode_ticket(krb5_context context,
+ EncryptionKey *skey,
+ krb5_enctype etype,
+ int skvno,
+ krb5_creds *cred)
 {
 size_t len, size;
 char *buf;
@@ -70,8 +70,8 @@ encode_ticket (krb5_context context,
 EncTicketPart et;
 Ticket ticket;
- memset (&enc_part, 0, sizeof(enc_part));
- memset (&ticket, 0, sizeof(ticket));
+ memset(&enc_part, 0, sizeof(enc_part));
+ memset(&ticket, 0, sizeof(ticket));
 /*
 * Set up `enc_part'
@@ -106,7 +106,7 @@ encode_ticket (krb5_context context,
 ret = krb5_crypto_init(context, skey, etype, &crypto);
 if (ret)
 krb5_err(context, 1, ret, "krb5_crypto_init");
- ret = krb5_encrypt_EncryptedData (context,
+ ret = krb5_encrypt_EncryptedData(context,
 crypto,
 KRB5_KU_TICKET,
 buf,
@@ -129,7 +129,7 @@ encode_ticket (krb5_context context,
 ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
 if(ret)
- krb5_err (context, 1, ret, "encode_Ticket");
+ krb5_err(context, 1, ret, "encode_Ticket");
 krb5_data_copy(&cred->ticket, buf, len);
 free(buf);
@@ -140,7 +140,7 @@ encode_ticket (krb5_context context,
 */
 static int
-create_krb5_tickets (krb5_context context, krb5_keytab kt)
+create_krb5_tickets(krb5_context context, krb5_keytab kt)
 {
 krb5_error_code ret;
 krb5_keytab_entry entry;
@@ -149,30 +149,29 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
 krb5_enctype session_etype;
 krb5_ccache ccache;
- memset (&cred, 0, sizeof(cred));
+ memset(&cred, 0, sizeof(cred));
- ret = krb5_string_to_enctype (context, enc_type, &etype);
+ ret = krb5_string_to_enctype(context, enc_type, &etype);
 if (ret)
 krb5_err (context, 1, ret, "krb5_string_to_enctype (enc-type)");
- ret = krb5_string_to_enctype (context, session_enc_type, &session_etype);
+ ret = krb5_string_to_enctype(context, session_enc_type, &session_etype);
 if (ret)
 krb5_err (context, 1, ret, "krb5_string_to_enctype (session-enc-type)");
- ret = krb5_kt_get_entry (context, kt, server_principal,
- 0, etype, &entry);
+ ret = krb5_kt_get_entry(context, kt, server_principal, 0, etype, &entry);
 if (ret)
- krb5_err (context, 1, ret, "krb5_kt_get_entry");
+ krb5_err(context, 1, ret, "krb5_kt_get_entry");
 /*
 * setup cred
 */
- ret = krb5_copy_principal (context, client_principal, &cred.client);
+ ret = krb5_copy_principal(context, client_principal, &cred.client);
 if (ret)
- krb5_err (context, 1, ret, "krb5_copy_principal");
- ret = krb5_copy_principal (context, server_principal, &cred.server);
+ krb5_err(context, 1, ret, "krb5_copy_principal");
+ ret = krb5_copy_principal(context, server_principal, &cred.server);
 if (ret)
- krb5_err (context, 1, ret, "krb5_copy_principal");
+ krb5_err(context, 1, ret, "krb5_copy_principal");
 krb5_generate_random_keyblock(context, session_etype, &cred.session);
 cred.times.authtime = time(NULL);
@@ -181,9 +180,9 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
 cred.times.renew_till = 0;
 krb5_data_zero(&cred.second_ticket);
- ret = krb5_get_all_client_addrs (context, &cred.addresses);
+ ret = krb5_get_all_client_addrs(context, &cred.addresses);
 if (ret)
- krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
+ krb5_err(context, 1, ret, "krb5_get_all_client_addrs");
 cred.flags.b = ticket_flags;
@@ -191,7 +190,8 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
 * Encode encrypted part of ticket
 */
- encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);
+ encode_ticket(context, &entry.keyblock, etype, entry.vno, &cred);
+ krb5_kt_free_entry(context, &entry);
 /*
 * Write to cc
@@ -200,23 +200,23 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
 if (ccache_str) {
 ret = krb5_cc_resolve(context, ccache_str, &ccache);
 if (ret)
- krb5_err (context, 1, ret, "krb5_cc_resolve");
+ krb5_err(context, 1, ret, "krb5_cc_resolve");
 } else {
- ret = krb5_cc_default (context, &ccache);
+ ret = krb5_cc_default(context, &ccache);
 if (ret)
- krb5_err (context, 1, ret, "krb5_cc_default");
+ krb5_err(context, 1, ret, "krb5_cc_default");
 }
- ret = krb5_cc_initialize (context, ccache, cred.client);
+ ret = krb5_cc_initialize(context, ccache, cred.client);
 if (ret)
- krb5_err (context, 1, ret, "krb5_cc_initialize");
+ krb5_err(context, 1, ret, "krb5_cc_initialize");
- ret = krb5_cc_store_cred (context, ccache, &cred);
+ ret = krb5_cc_store_cred(context, ccache, &cred);
 if (ret)
- krb5_err (context, 1, ret, "krb5_cc_store_cred");
+ krb5_err(context, 1, ret, "krb5_cc_store_cred");
- krb5_free_cred_contents (context, &cred);
- krb5_cc_close (context, ccache);
+ krb5_free_cred_contents(context, &cred);
+ krb5_cc_close(context, ccache);
 return 0;
 }
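Review bot: The new `krb5_kt_free_entry(context, &entry);` right after `encode_ticket(...)` is the only functional line in a patch that is otherwise whitespace, and it releases the keytab entry whose `entry.keyblock` is the key used to encrypt the ticket, so it deserves a marker such as `/* entry holds the service key from the keytab; release it once the ticket is encrypted */`. It runs only on the success path, which looks acceptable because every failure shown goes through `krb5_err(context, 1, ...)`, which appears to terminate the process. Whether the key bytes are cleared before the memory is released depends on the library's `krb5_kt_free_entry`, which this page does not show and is worth confirming. Separately, the context line `krb5_generate_random_keyblock(context, session_etype, &cred.session);` in the preceding hunk drops its return value, so a failure would presumably leave the zeroed `cred.session` in the credential handed to this call; `ret = krb5_generate_random_keyblock(context, session_etype, &cred.session);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock");` would match the surrounding checks. create_krb5_tickets begins before this hunk and continues in the next one.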
@@ -226,28 +226,28 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt)
 */
 static void
-setup_env (krb5_context context, krb5_keytab *kt)
+setup_env(krb5_context context, krb5_keytab *kt)
 {
 krb5_error_code ret;
 if (keytab_file)
- ret = krb5_kt_resolve (context, keytab_file, kt);
+ ret = krb5_kt_resolve(context, keytab_file, kt);
 else
- ret = krb5_kt_default (context, kt);
+ ret = krb5_kt_default(context, kt);
 if (ret)
- krb5_err (context, 1, ret, "resolving keytab");
+ krb5_err(context, 1, ret, "resolving keytab");
 if (client_principal_str == NULL)
- krb5_errx (context, 1, "missing client principal");
- ret = krb5_parse_name (context, client_principal_str, &client_principal);
+ krb5_errx(context, 1, "missing client principal");
+ ret = krb5_parse_name(context, client_principal_str, &client_principal);
 if (ret)
- krb5_err (context, 1, ret, "resolvning client name");
+ krb5_err(context, 1, ret, "resolvning client name");
 if (server_principal_str == NULL)
- krb5_errx (context, 1, "missing server principal");
- ret = krb5_parse_name (context, server_principal_str, &server_principal);
+ krb5_errx(context, 1, "missing server principal");
+ ret = krb5_parse_name(context, server_principal_str, &server_principal);
 if (ret)
- krb5_err (context, 1, ret, "resolvning server name");
+ krb5_err(context, 1, ret, "resolvning server name");
 /* If no session-enc-type specified on command line and this is an afs */
 /* service ticket, change default of session_enc_type to DES. */
@@ -261,12 +261,12 @@ setup_env (krb5_context context, krb5_keytab *kt)
 ticket_flags_int = parse_flags(ticket_flags_str, asn1_TicketFlags_units(), 0);
 if (ticket_flags_int <= 0) {
- krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
- print_flags_table (asn1_TicketFlags_units(), stderr);
- exit (1);
+ krb5_warnx(context, "bad ticket flags: `%s'", ticket_flags_str);
+ print_flags_table(asn1_TicketFlags_units(), stderr);
+ exit(1);
 }
 if (ticket_flags_int)
- ticket_flags = int2TicketFlags (ticket_flags_int);
+ ticket_flags = int2TicketFlags(ticket_flags_int);
 }
 }
@@ -302,26 +302,26 @@ struct getargs args[] = {
 };
 static void
-usage (int ret)
+usage(int ret)
 {
- arg_printusage (args,
- sizeof(args) / sizeof(args[0]),
- NULL,
- "");
- exit (ret);
+ arg_printusage(args,
+ sizeof(args) / sizeof(args[0]),
+ NULL,
+ "");
+ exit(ret);
 }
 int
-main (int argc, char **argv)
+main(int argc, char **argv)
 {
 int optidx = 0;
 krb5_error_code ret;
 krb5_context context;
 krb5_keytab kt;
- setprogname (argv[0]);
+ setprogname(argv[0]);
- ret = krb5_init_context (&context);
+ ret = krb5_init_context(&context);
 if (ret)
 errx(1, "krb5_init_context failed: %u", ret);