
Some memory management problems



Hello,

I've found some memory management problems in Heimdal (malloc'ing 0 bytes; 
free'ing NULL or already free'd pointers). The attached patch should fix
them. The errors were found by using dmalloc. The errors were triggered
when authentication using GSSAPI failed for some reason.

Gabor

---
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary
diff -ur heimdal-0.2r.old/lib/asn1/der_free.c heimdal-0.2r/lib/asn1/der_free.c
--- heimdal-0.2r.old/lib/asn1/der_free.c	Thu Dec  2 18:05:01 1999
+++ heimdal-0.2r/lib/asn1/der_free.c	Mon Apr 10 16:53:09 2000
@@ -38,11 +38,18 @@
 void
 free_general_string (general_string *str)
 {
+    if (*str == NULL)
+	return;
     free(*str);
+    *str = NULL;
 }
 
 void
 free_octet_string (octet_string *k)
 {
+    k->length = 0;
+    if (k->data == NULL)
+	return;
     free(k->data);
+    k->data = NULL;
 }
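Review bot: The early return on `*str == NULL`, and the matching `k->data == NULL` guard in free_octet_string, are redundant under C89 semantics, where free(NULL) is a defined no-op; the change that actually alters behaviour is the `*str = NULL` / `k->data = NULL` written after the free, which is what stops a second call on the same object from freeing the same block twice. The same redundant guard is added in gen_free.c (in the emitted code), config_file.c and crypto.c. The covering message attributes the reports to dmalloc, so if the guards are being kept to quiet that tool, a one-line comment at the first of them, e.g. `/* free(NULL) is legal C; the guard only satisfies dmalloc */`, would keep a later cleanup from treating them as dead code.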
diff -ur heimdal-0.2r.old/lib/asn1/der_get.c heimdal-0.2r/lib/asn1/der_get.c
--- heimdal-0.2r.old/lib/asn1/der_get.c	Thu Dec  2 18:05:01 1999
+++ heimdal-0.2r/lib/asn1/der_get.c	Mon Apr 10 17:11:58 2000
@@ -130,10 +130,14 @@
 		      octet_string *data, size_t *size)
 {
     data->length = len;
-    data->data = malloc(len);
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-    memcpy (data->data, p, len);
+    if (len) {
+	data->data = malloc(len);
+	if (data->data == NULL)
+	    return ENOMEM;
+	memcpy (data->data, p, len);
+    }
+    else
+	data->data = NULL;
     if(size) *size = len;
     return 0;
 }
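Review bot: On the new `return ENOMEM;` path the function leaves `data->length = len` (set on the first context line) while `data->data == NULL`, so a caller that consults length before freeing sees a non-empty string with no storage behind it. Moving `data->length = len;` into the `if (len)` body after the malloc check and adding `data->length = 0;` to the else branch keeps the pair consistent on every exit; the companion free_octet_string change in this patch only tolerates the mismatch, it does not prevent other readers from tripping on it. Whether `len` has already been checked against the bytes remaining at `p` cannot be confirmed here, since the function's signature and any such check are above the hunk.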
diff -ur heimdal-0.2r.old/lib/asn1/gen_free.c heimdal-0.2r/lib/asn1/gen_free.c
--- heimdal-0.2r.old/lib/asn1/gen_free.c	Thu Dec  2 18:05:02 1999
+++ heimdal-0.2r/lib/asn1/gen_free.c	Mon Apr 10 16:52:36 2000
@@ -95,7 +95,10 @@
 	      "}\n",
 	      name);
       fprintf(codefile,
-	      "free((%s)->val);\n", name);
+	      "if((%s)->val){\n"
+	      "free((%s)->val);\n"
+	      "(%s)->val = NULL;\n"
+	      "}\n", name, name, name);
       free(n);
       break;
   }
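Review bot: The emitted cleanup now clears `(%s)->val` but leaves whatever element count the sequence type carries untouched, so if the generated struct pairs `val` with a `len` field (its definition is produced elsewhere, outside this hunk) a later walk over that count would dereference the now-NULL `val`. The other hunks in this patch reset the count alongside the pointer (`length = 0` in release_buffer.c and data.c), and the generated code should follow the same rule: emit `"(%s)->len = 0;\n"` next to the `val = NULL` line, using whatever field name the generator actually declares. The surrounding fprintf calls, including the loop that frees the individual elements above the hunk, are partly outside this view.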
diff -ur heimdal-0.2r.old/lib/gssapi/add_oid_set_member.c heimdal-0.2r/lib/gssapi/add_oid_set_member.c
--- heimdal-0.2r.old/lib/gssapi/add_oid_set_member.c	Thu Dec  2 18:05:03 1999
+++ heimdal-0.2r/lib/gssapi/add_oid_set_member.c	Mon Apr 10 15:28:34 2000
@@ -41,7 +41,7 @@
             gss_OID_set * oid_set
            )
 {
-  size_t n = (*oid_set)->count;
+  size_t n = (*oid_set)->count + 1;
 
   (*oid_set)->elements = realloc ((*oid_set)->elements,
 				  n * sizeof(gss_OID_desc));
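Review bot: Assigning realloc's result straight back into `(*oid_set)->elements` on the context lines following the corrected count loses the only reference to the existing array when realloc fails, and leaves the set with `elements == NULL` while `count` still reports the old size, so a later release would free nothing and a later read would dereference NULL. The `+ 1` fix to `n` is right; the failure path additionally needs a temporary and an early return. The remainder of the function, including how `minor_status` and `count` are updated and what `elements` is declared as, is below the hunk, so the pointer type and error code in the sketch are to be matched against the file.

```c
  size_t n = (*oid_set)->count + 1;
  gss_OID_desc *tmp = realloc ((*oid_set)->elements,
                               n * sizeof(gss_OID_desc));

  if (tmp == NULL)
    return GSS_S_FAILURE;
  (*oid_set)->elements = tmp;
  /* … unchanged: remainder of the function … */
```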
diff -ur heimdal-0.2r.old/lib/gssapi/release_buffer.c heimdal-0.2r/lib/gssapi/release_buffer.c
--- heimdal-0.2r.old/lib/gssapi/release_buffer.c	Thu Dec  2 18:05:04 1999
+++ heimdal-0.2r/lib/gssapi/release_buffer.c	Mon Apr 10 15:28:04 2000
@@ -41,6 +41,7 @@
            )
 {
   free (buffer->value);
+  buffer->value = NULL;
   buffer->length = 0;
   return GSS_S_COMPLETE;
 }
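Review bot: Nothing guards `buffer` itself before `free (buffer->value)`, so a caller that passes GSS_C_NO_BUFFER dereferences NULL; the parameter list is above the hunk, so whether the contract rules that input out cannot be confirmed here. If the function is meant to be tolerant in the same spirit as the new `buffer->value = NULL`, a first line of `if (buffer == GSS_C_NO_BUFFER) return GSS_S_COMPLETE;` covers it.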
diff -ur heimdal-0.2r.old/lib/gssapi/release_name.c heimdal-0.2r/lib/gssapi/release_name.c
--- heimdal-0.2r.old/lib/gssapi/release_name.c	Thu Dec  2 18:05:04 1999
+++ heimdal-0.2r/lib/gssapi/release_name.c	Mon Apr 10 15:27:42 2000
@@ -43,5 +43,6 @@
   gssapi_krb5_init ();
   krb5_free_principal(gssapi_krb5_context,
 		      *input_name);
+  *input_name = GSS_C_NO_NAME;
   return GSS_S_COMPLETE;
 }
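Review bot: `*input_name` is handed to krb5_free_principal with no check for GSS_C_NO_NAME, so whether a second release of the same name (which now sees the reset value) is harmless depends on krb5_free_principal accepting NULL, which is outside this hunk. A guard before the call, `if (*input_name == GSS_C_NO_NAME) return GSS_S_COMPLETE;`, makes the release idempotent regardless of that library behaviour. The function's parameter list is above the hunk.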
diff -ur heimdal-0.2r.old/lib/gssapi/release_oid_set.c heimdal-0.2r/lib/gssapi/release_oid_set.c
--- heimdal-0.2r.old/lib/gssapi/release_oid_set.c	Thu Dec  2 18:05:04 1999
+++ heimdal-0.2r/lib/gssapi/release_oid_set.c	Mon Apr 10 15:27:14 2000
@@ -42,5 +42,6 @@
 {
   free ((*set)->elements);
   free (*set);
+  *set = GSS_C_NO_OID_SET;
   return GSS_S_COMPLETE;
 }
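Review bot: Resetting `*set` to GSS_C_NO_OID_SET turns a repeated release from a double free into a NULL dereference, because the first statement in the hunk still reads `(*set)->elements` unconditionally. A guard at the top of the body, `if (*set == GSS_C_NO_OID_SET) return GSS_S_COMPLETE;`, makes the release idempotent, which appears to be what the reset is aiming for. The parameter list is above the hunk.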
diff -ur heimdal-0.2r.old/lib/krb5/config_file.c heimdal-0.2r/lib/krb5/config_file.c
--- heimdal-0.2r.old/lib/krb5/config_file.c	Thu Dec  2 18:05:08 1999
+++ heimdal-0.2r/lib/krb5/config_file.c	Mon Apr 10 15:26:41 2000
@@ -490,7 +490,8 @@
 	free(*s);
 	s++;
     }
-    free(strings);
+    if (strings)
+	free(strings);
 }
 
 krb5_boolean
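Review bot: The new `if (strings)` guard protects only the final free, but the loop just above it already walks `s` and frees `*s`; if `s` is initialised from `strings` (the loop header is above the hunk) a NULL `strings` would be dereferenced there before the guard is ever reached, so the check belongs at function entry as `if (strings == NULL) return;` rather than around the last free. The same ordering question applies to the crypto.c hunk, where the `for` loop over `num_key_usage` indexes `crypto->key_usage` before the new guard around its free.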
diff -ur heimdal-0.2r.old/lib/krb5/crypto.c heimdal-0.2r/lib/krb5/crypto.c
--- heimdal-0.2r.old/lib/krb5/crypto.c	Wed Jan 26 00:06:55 2000
+++ heimdal-0.2r/lib/krb5/crypto.c	Mon Apr 10 15:26:15 2000
@@ -2228,7 +2228,8 @@
     
     for(i = 0; i < crypto->num_key_usage; i++)
 	free_key_usage(context, &crypto->key_usage[i]);
-    free(crypto->key_usage);
+    if (crypto->key_usage)
+	free(crypto->key_usage);
     free_key_data(context, &crypto->key);
     free (crypto);
     return 0;
diff -ur heimdal-0.2r.old/lib/krb5/data.c heimdal-0.2r/lib/krb5/data.c
--- heimdal-0.2r.old/lib/krb5/data.c	Thu Dec  2 18:05:09 1999
+++ heimdal-0.2r/lib/krb5/data.c	Mon Apr 10 15:25:40 2000
@@ -45,8 +45,10 @@
 void
 krb5_data_free(krb5_data *p)
 {
-    if(p->data != NULL)
+    if(p->data != NULL) {
 	free(p->data);
+	p->data = NULL;
+    }
     p->length = 0;
 }