]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54fa443)
Fix a small memory leak in util_errmap
authorGreg Hudson <ghudson@mit.edu>
Mon, 31 Dec 2012 22:21:46 +0000 (17:21 -0500)
committerGreg Hudson <ghudson@mit.edu>
Tue, 1 Jan 2013 22:41:49 +0000 (17:41 -0500)
Calls to gssint_mecherrmap_map_errcode would result in calling
mecherror_copy with a zero-length mech OID, which would result in an
OID with 0 for length and malloc(0) for elements.  On platforms which
return non-null from malloc(0), gssint_mecherrmap_destroy() wouldn't
free the elements pointer.

Avoid calling malloc(0) and don't use the length field to decide
whether to free an elements pointer.

src/lib/gssapi/generic/util_errmap.c patch | blob | blame | history

diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
index 9fbc9fc4ca87084359470451c26d4a01b1900a6b..c26ea7b05ad92e3d5df5240189c6e40be6476837 100644 (file)
--- a/src/lib/gssapi/generic/util_errmap.c
+++ b/src/lib/gssapi/generic/util_errmap.c
@@ -79,14 +79,14 @@ static inline int
 mecherror_copy(struct mecherror *dest, struct mecherror src)
 {
     *dest = src;
-    dest->mech.elements = malloc(src.mech.length);
-    if (dest->mech.elements == NULL) {
-        if (src.mech.length)
+    if (src.mech.length > 0) {
+        dest->mech.elements = malloc(src.mech.length);
+        if (dest->mech.elements == NULL)
             return ENOMEM;
-        else
-            return 0;
+        memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
+    } else {
+        dest->mech.elements = NULL;
     }
-    memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
     return 0;
 }
 
@@ -155,8 +155,7 @@ int gssint_mecherrmap_init(void)
    element storage when destroying the collection.  */
 static int free_one(OM_uint32 i, struct mecherror value, void *p)
 {
-    if (value.mech.length && value.mech.elements)
-        free(value.mech.elements);
+    free(value.mech.elements);
     return 0;
 }
 
@@ -229,10 +228,8 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     }
     err = mecherrmap_add(&m, new_status, me_copy);
     k5_mutex_unlock(&mutex);
-    if (err) {
-        if (me_copy.mech.length)
-            free(me_copy.mech.elements);
-    }
+    if (err)
+        free(me_copy.mech.elements);
 #ifdef DEBUG
     fprintf(f, "%s: mapping ", __FUNCTION__);
     mecherror_print(me, f);
Mirror of https://github.com/krb5/krb5.git