Re: krb5_free_keyblock_contents
Ake Sandgren <ake@cs.umu.se> writes:
> Real problem found.
> In krb5_get_kdc_cred *out_creds gets calloc'ed and when get_cred_kdc fails
> it frees *out_creds without setting it to NULL (or perhaps it should
> do a proper free sequence and then set it to null?)
Setting *out_creds to NULL makes some sense, but that's not done in a
lot of other places, and ...
> renew_validate in kinit.c then performs a free sequence on the already
> freed pointer...
the caller of krb5_get_kdc_cred shouldn't access out_creds if ret !=
0. I have fixed that in kinit.c.
/assar
Index: kuser/kinit.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kuser/kinit.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -w -u -w -r1.48 -r1.49
--- kinit.c 1999/04/01 17:33:25 1.48
+++ kinit.c 1999/04/19 13:19:40 1.49
@@ -37,7 +37,7 @@
*/
#include "kuser_locl.h"
-RCSID("$Id: kinit.c,v 1.48 1999/04/01 17:33:25 joda Exp $");
+RCSID("$Id: kinit.c,v 1.49 1999/04/19 13:19:40 assar Exp $");
int forwardable = 0;
int proxiable = 0;
@@ -147,6 +147,7 @@
}
} else {
char *realm;
+
ret = krb5_get_default_realm(context, &realm);
if(ret) {
krb5_warn(context, ret, "krb5_get_default_realm");
@@ -154,11 +155,11 @@
}
ret = krb5_make_principal(context, &in.server,
realm, "krbtgt", realm, NULL);
+ free (realm);
if(ret) {
krb5_warn(context, ret, "krb5_make_principal");
goto out;
}
- free(realm);
}
flags.i = 0;
flags.b.renewable = flags.b.renew = renew;
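Review bot: the moved `free (realm);` line also fixes a leak of realm on the krb5_make_principal failure path, which the thread never mentions (it only discusses the double free of the credentials); say so in the log message so the change is not read as cosmetic. Style point on the same line: it is written `free (realm);` with a space, while the removed line was `free(realm);` and the surrounding krb5_warn(...) calls use no space, so pick one form for the file.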
@@ -179,16 +180,18 @@
}
ret = krb5_cc_initialize(context, cache, in.client);
if(ret) {
+ krb5_free_creds (context, out);
krb5_warn(context, ret, "krb5_cc_initialize");
goto out;
}
ret = krb5_cc_store_cred(context, cache, out);
+ krb5_free_creds (context, out);
if(ret) {
krb5_warn(context, ret, "krb5_cc_store_cred");
goto out;
}
out:
- krb5_free_creds(context, out);
+ krb5_free_creds_contents(context, &in);
return ret;
}
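Review bot: at the out: label, krb5_free_creds_contents(context, &in) now runs on every `goto out`, including the one taken when krb5_make_principal fails in the previous hunk, so `in` has to be zeroed before the first such jump; that initialisation is not visible in this diff and should be confirmed. Separately, `out` is now released in two places (the krb5_cc_initialize failure branch and directly after krb5_cc_store_cred) instead of once at out:, so any path later added between obtaining `out` and storing it must carry its own krb5_free_creds call. A short comment at out: stating that `out` is deliberately not freed there, because it is only valid when the call that produced it returned 0, would keep the next editor from reintroducing the double free.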