Fix memory leak in OTP kdcpreauth module

author Greg Hudson <ghudson@mit.edu>

Fri, 3 Jun 2022 18:30:42 +0000 (14:30 -0400)

committer Greg Hudson <ghudson@mit.edu>

Wed, 8 Jun 2022 23:16:49 +0000 (19:16 -0400)
author Greg Hudson <ghudson@mit.edu>
Fri, 3 Jun 2022 18:30:42 +0000 (14:30 -0400)
committer Greg Hudson <ghudson@mit.edu>
Wed, 8 Jun 2022 23:16:49 +0000 (19:16 -0400)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c

index 119714f994e9acad8c9f18a1982f70b2c9d25083..0e682aae58dd981899e5824f2e3f0a5ea79211d9 100644 (file)
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
      krb5_pa_otp_challenge chl;
      krb5_pa_data *pa = NULL;
      krb5_error_code retval;
-    krb5_data *encoding;
+    krb5_data *encoding, nonce = empty_data();
      char *config;
  
      /* Determine if otp is enabled for the user. */
@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
      ti.iteration_count = -1;
  
      /* Generate the nonce. */
-    retval = nonce_generate(context, armor_key->length, &chl.nonce);
+    retval = nonce_generate(context, armor_key->length, &nonce);
      if (retval != 0)
          goto out;
+    chl.nonce = nonce;
  
      /* Build the output pa-data. */
      retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
      free(encoding);
  
  out:
+    krb5_free_data_contents(context, &nonce);
      (*respond)(arg, retval, pa);
  }
author	Greg Hudson <ghudson@mit.edu>
	Fri, 3 Jun 2022 18:30:42 +0000 (14:30 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 8 Jun 2022 23:16:49 +0000 (19:16 -0400)