
Re: krb5_free_keyblock_contents



Ake Sandgren <ake@cs.umu.se> writes:
> Real problem found.
> In krb5_get_kdc_cred *out_creds gets calloc'ed and when get_cred_kdc fails
> it frees *out_creds without setting it to NULL (or perhaps it should
> do a proper free sequence and then set it to null?)

Setting *out_creds to NULL makes some sense, but that's not done in a
lot of other places, and ...

> renew_validate int kinit.c then performs a free sequens on the already
> freed pointer...

the caller of krb5_get_kdc_cred shouldn't access out_creds if ret !=
0.  I have fixed that in kinit.c.

/assar

Index: kuser/kinit.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/kuser/kinit.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -w -u -w -r1.48 -r1.49
--- kinit.c	1999/04/01 17:33:25	1.48
+++ kinit.c	1999/04/19 13:19:40	1.49
@@ -37,7 +37,7 @@
  */
 
 #include "kuser_locl.h"
-RCSID("$Id: kinit.c,v 1.48 1999/04/01 17:33:25 joda Exp $");
+RCSID("$Id: kinit.c,v 1.49 1999/04/19 13:19:40 assar Exp $");
 
 int forwardable		= 0;
 int proxiable		= 0;
@@ -147,6 +147,7 @@
 	}
     } else {
 	char *realm;
+
 	ret = krb5_get_default_realm(context, &realm);
 	if(ret) {
 	    krb5_warn(context, ret, "krb5_get_default_realm");
@@ -154,11 +155,11 @@
 	}
 	ret = krb5_make_principal(context, &in.server, 
 				  realm, "krbtgt", realm, NULL);
+	free (realm);
 	if(ret) {
 	    krb5_warn(context, ret, "krb5_make_principal");
 	    goto out;
 	}
-	free(realm);
     }
     flags.i = 0;
     flags.b.renewable = flags.b.renew = renew;
@@ -179,16 +180,18 @@
     }
     ret = krb5_cc_initialize(context, cache, in.client);
     if(ret) {
+	krb5_free_creds (context, out);
 	krb5_warn(context, ret, "krb5_cc_initialize");
 	goto out;
     }
     ret = krb5_cc_store_cred(context, cache, out);
+    krb5_free_creds (context, out);
     if(ret) {
 	krb5_warn(context, ret, "krb5_cc_store_cred");
 	goto out;
     }
 out:
-    krb5_free_creds(context, out);
+    krb5_free_creds_contents(context, &in);
     return ret;
 }
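Review bot: The new `krb5_free_creds_contents(context, &in)` at the `out:` label runs on every exit path, including the `goto out` branches taken before `in.server` is filled in (for example the `krb5_get_default_realm` failure in the earlier hunk). It is therefore only safe if `in` is zeroed before the first `goto out`; that initialisation is outside the visible hunks and should be confirmed. `out` is now freed at two separate sites, after `krb5_cc_initialize` fails and after `krb5_cc_store_cred`. This keeps the `out:` path from touching the pointer that, per the message above, `krb5_get_kdc_cred` already freed on failure, but any exit path added later between those calls must do its own free. A comment next to the `krb5_get_kdc_cred` call would record the rule, e.g. `/* out is valid only if krb5_get_kdc_cred returned 0; free it on every path after that */`. The function body starts outside the hunk.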