free more

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2569 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/build_auth.c

@@ -66,6 +66,7 @@ krb5_build_authenticator (krb5_context context,
   auth->subkey = NULL;
 #else
   krb5_generate_subkey (context, &cred->session, &auth->subkey);
+  free_EncryptionKey (&auth_context->local_subkey);
   copy_EncryptionKey (auth->subkey,
 		      &auth_context->local_subkey);
 #endif
@@ -98,7 +99,7 @@ krb5_build_authenticator (krb5_context context,
   if (auth_result)
     *auth_result = auth;
   else {
-    free (auth->crealm);
+    free_Authenticator (auth);
     free (auth);
   }
   return ret;

lib/krb5/keytab.c

@@ -170,6 +170,8 @@ krb5_error_code
 krb5_kt_free_entry(krb5_context context,
 		   krb5_keytab_entry *entry)
 {
+  krb5_free_principal (context, entry->principal);
+  krb5_free_keyblock (context, &entry->keyblock);
   free (entry);
   return 0;
 }

lib/krb5/mk_priv.c

@@ -86,6 +86,7 @@ krb5_mk_priv(krb5_context context,
     return r;
 
   r = encode_KRB_PRIV (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
+  krb5_data_free (&s.enc_part.cipher);
   if (r)
     return r;
   outbuf->length = len;

lib/krb5/mk_req_ext.c

@@ -49,7 +49,6 @@ krb5_mk_req_extended(krb5_context context,
 		     krb5_data *outbuf)
 {
   krb5_error_code r;
-  Authenticator *auth;
   krb5_data authenticator;
   Checksum c;
   Checksum *c_opt;
@@ -66,7 +65,8 @@ krb5_mk_req_extended(krb5_context context,
   if(r)
       return r;
       
-  copy_EncryptionKey(&in_creds->session,
+  free_EncryptionKey (&ac->key);
+  copy_EncryptionKey (&in_creds->session,
 		      &ac->key);
 
   if (in_data) {
@@ -86,7 +86,7 @@ krb5_mk_req_extended(krb5_context context,
 				ac,
 				in_creds,
 				c_opt,
-				&auth,
+				NULL,
 				&authenticator);
   if (r)
     return r;

lib/krb5/rd_priv.c

@@ -75,6 +75,7 @@ krb5_rd_priv(krb5_context context,
       goto failure;
 
   r = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
+  krb5_data_free (&plain);
   if (r) 
       goto failure;
   

lib/krb5/rd_rep.c

@@ -53,13 +53,20 @@ krb5_rd_rep(krb5_context context,
   char *buf;
   krb5_data data;
 
+  krb5_data_zero (&data);
+  ret = 0;
+
   ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
   if (ret)
       return ret;
-  if (ap_rep.pvno != 5)
-    return KRB5KRB_AP_ERR_BADVERSION;
-  if (ap_rep.msg_type != krb_ap_rep)
-    return KRB5KRB_AP_ERR_MSG_TYPE;
+  if (ap_rep.pvno != 5) {
+    ret = KRB5KRB_AP_ERR_BADVERSION;
+    goto out;
+  }
+  if (ap_rep.msg_type != krb_ap_rep) {
+    ret = KRB5KRB_AP_ERR_MSG_TYPE;
+    goto out;
+  }
 
   ret = krb5_decrypt (context,
 		      ap_rep.enc_part.cipher.data,
@@ -68,11 +75,13 @@ krb5_rd_rep(krb5_context context,
 		      &auth_context->key,
 		      &data);
   if (ret)
-    return ret;
+      goto out;
 
   *repl = malloc(sizeof(**repl));
-  if (*repl == NULL)
-    return ENOMEM;
+  if (*repl == NULL) {
+    ret = ENOMEM;
+    goto out;
+  }
   ret = decode_EncAPRepPart(data.data,
 			    data.length,
 			    *repl, 
@@ -88,12 +97,16 @@ krb5_rd_rep(krb5_context context,
 	    auth_context->authenticator->ctime,
 	    auth_context->authenticator->cusec);
 #endif				/* Something wrong with the coding??? */
-    return KRB5KRB_AP_ERR_MUT_FAIL;
+    ret = KRB5KRB_AP_ERR_MUT_FAIL;
+    goto out;
   }
   if ((*repl)->seq_number)
     auth_context->remote_seqnumber = *((*repl)->seq_number);
   
-  return 0;
+out:
+  krb5_data_free (&data);
+  free_AP_REP (&ap_rep);
+  return ret;
 }
 
 void

lib/krb5/rd_req.c

@@ -279,22 +279,33 @@ krb5_rd_req(krb5_context context,
 {
     krb5_keytab_entry entry;
     krb5_error_code ret;
+    krb5_keytab real_keytab;
+
     if(keytab == NULL)
-	krb5_kt_default(context, &keytab);
+	krb5_kt_default(context, &real_keytab);
+    else
+	real_keytab = keytab;
+
     ret = krb5_kt_get_entry(context,
-			    keytab,
+			    real_keytab,
 			    (krb5_principal)server,
 			    0,
 			    KEYTYPE_DES,
 			    &entry);
     if(ret)
-	return ret;
+	goto out;
     
-    return krb5_rd_req_with_keyblock(context,
+    ret = krb5_rd_req_with_keyblock(context,
 				    auth_context,
 				    inbuf,
 				    server,
 				    &entry.keyblock,
 				    ap_req_options,
 				    ticket);
+    krb5_kt_free_entry (context, &entry);
+out:
+    if (keytab == NULL)
+	krb5_kt_close (context, real_keytab);
+
+    return ret;
 }