oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

bx509d: Fix free() of text string

Browse Source 
Also fix a leak, and quiet some warnings.
This commit is contained in:
Nicolas Williams
2023-01-02 20:40:52 -06:00
parent e3bcc21dcb
commit c6074377bc
1 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
kdc/bx509d.c
View File

@@ -1546,7 +1546,7 @@ k5_get_creds(struct bx509_request_desc *r, enum k5_creds_kind kind)
static void static void
acc_str(char **acc, char *adds, size_t addslen) acc_str(char **acc, char *adds, size_t addslen)
{ {
char *tmp; char *tmp = NULL;
int l = addslen <= INT_MAX ? (int)addslen : INT_MAX; int l = addslen <= INT_MAX ? (int)addslen : INT_MAX;
if (asprintf(&tmp, "%s%s%.*s", if (asprintf(&tmp, "%s%s%.*s",
@@ -1573,7 +1573,7 @@ fmt_gss_error(OM_uint32 code, gss_OID mech)
acc_str(&r, (char *)buf.value, buf.length); acc_str(&r, (char *)buf.value, buf.length);
gss_release_buffer(&minor, &buf); gss_release_buffer(&minor, &buf);
} while (!GSS_ERROR(major) && more); } while (!GSS_ERROR(major) && more);
return r ? r : "Out of memory while formatting GSS-API error"; return r;
} }
static char * static char *
@@ -1583,7 +1583,10 @@ fmt_gss_errors(const char *r, OM_uint32 major, OM_uint32 minor, gss_OID mech)
ma = fmt_gss_error(major, GSS_C_NO_OID); ma = fmt_gss_error(major, GSS_C_NO_OID);
mi = mech == GSS_C_NO_OID ? NULL : fmt_gss_error(minor, mech); mi = mech == GSS_C_NO_OID ? NULL : fmt_gss_error(minor, mech);
if (asprintf(&s, "%s: %s%s%s", r, ma, mi ? ": " : "", mi ? mi : "") > -1 && if (asprintf(&s, "%s: %s%s%s", r,
ma ? ma : "Out of memory",
mi ? ": " : "",
mi ? mi : "") > -1 &&
s) { s) {
free(ma); free(ma);
free(mi); free(mi);
@@ -1608,8 +1611,13 @@ bad_req_gss(struct bx509_request_desc *r,
if (major == GSS_S_BAD_NAME || major == GSS_S_BAD_NAMETYPE) if (major == GSS_S_BAD_NAME || major == GSS_S_BAD_NAMETYPE)
http_status_code = MHD_HTTP_BAD_REQUEST; http_status_code = MHD_HTTP_BAD_REQUEST;
if (msg)
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY, NULL, ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY, NULL,
msg, strlen(msg), NULL); msg, strlen(msg), NULL);
else
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY, NULL,
"Out of memory while formatting GSS error message",
sizeof("Out of memory while formatting GSS error message") - 1, NULL);
free(msg); free(msg);
return ret; return ret;
} }
@@ -2132,6 +2140,7 @@ get_tgts_param_execute_cb(void *d,
size_t san_idx = r->san_idx++; size_t san_idx = r->san_idx++;
const char *save_for_cname = r->for_cname; const char *save_for_cname = r->for_cname;
char *s = NULL; char *s = NULL;
int res;
/* We expect only cname=principal q-params here */ /* We expect only cname=principal q-params here */
if (strcmp(key, "cname") != 0 || val == NULL) if (strcmp(key, "cname") != 0 || val == NULL)
@@ -2193,13 +2202,13 @@ get_tgts_param_execute_cb(void *d,
* If ret == 0 this will gather the TGT we acquired, else it will acquire * If ret == 0 this will gather the TGT we acquired, else it will acquire
* the error we got. * the error we got.
*/ */
ret = get_tgts_accumulate_ccache(r, ret); res = get_tgts_accumulate_ccache(r, ret);
/* Now we "pop" `r->for_cname' */ /* Now we "pop" `r->for_cname' */
r->for_cname = save_for_cname; r->for_cname = save_for_cname;
hx509_xfree(s); hx509_xfree(s);
return MHD_YES; return res;
} }
/* /*
@@ -2408,7 +2417,7 @@ make_csrf_token(struct bx509_request_desc *r,
if (ret == 0 && data.length > INT_MAX) if (ret == 0 && data.length > INT_MAX)
ret = ERANGE; ret = ERANGE;
if (ret == 0 && if (ret == 0 &&
(dlen = rk_base64_encode(data.data, data.length, token)) < 0) rk_base64_encode(data.data, data.length, token) < 0)
ret = errno; ret = errno;
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_data_free(&data); krb5_data_free(&data);
@@ -2506,6 +2515,7 @@ ip(void *cls,
if (ftl == NULL || keydup == NULL || valdup == NULL) { if (ftl == NULL || keydup == NULL || valdup == NULL) {
free(ftl); free(ftl);
free(keydup); free(keydup);
free(valdup);
return MHD_NO; return MHD_NO;
} }
ftl->freeme1 = keydup; ftl->freeme1 = keydup;