Add and use k5memdup, k5memdup0 helpers

Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 9da1b63b661daf9c78a031f7c54e3dfb6666e8ca..9136bfc0e2c061f1f62f9c3b048e340d7194f3e8 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2571,6 +2571,28 @@ k5alloc(size_t len, krb5_error_code *code)
     return ptr;
 }
 
+/* Return a copy of the len bytes of memory at in; set *code to 0 or ENOMEM. */
+static inline void *
+k5memdup(const void *in, size_t len, krb5_error_code *code)
+{
+    void *ptr = k5alloc(len, code);
+
+    if (ptr != NULL)
+        memcpy(ptr, in, len);
+    return ptr;
+}
+
+/* Like k5memdup, but add a final null byte. */
+static inline void *
+k5memdup0(const void *in, size_t len, krb5_error_code *code)
+{
+    void *ptr = k5alloc(len + 1, code);
+
+    if (ptr != NULL)
+        memcpy(ptr, in, len);
+    return ptr;
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
                               krb5_ccache ccache,

diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 5b5bd9b90ceb0fbb0a7ada7cf86839447c831623..15b0ab5a38da4ac72a98f2e4d40a0096b39e3c1f 100644 (file)
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -216,10 +216,7 @@ process_chpw_request(krb5_context context, void *server_handle, char *realm,
 
     /* change the password */
 
-    ptr = (char *) malloc(clear.length+1);
-    memcpy(ptr, clear.data, clear.length);
-    ptr[clear.length] = '\0';
-
+    ptr = k5memdup0(clear.data, clear.length, &ret);
     ret = schpw_util_wrapper(server_handle, client, target,
                              (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
                              ptr, NULL, strresult, sizeof(strresult));

diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index 1dd5f3ebf36249dbe2805c6725682f9f1dc49e71..40c578303522b33589f85485a3d3f4598298a0b5 100644 (file)
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -256,15 +256,12 @@ kdc_find_fast(krb5_kdc_req **requestptr,
         } else {
             new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
             new_padata->length = cookie_padata->length;
-            new_padata->contents = malloc(new_padata->length);
-            if (new_padata->contents == NULL) {
-                retval = ENOMEM;
+            new_padata->contents =
+                k5memdup(cookie_padata->contents, new_padata->length, &retval);
+            if (new_padata->contents == NULL)
                 free(new_padata);
-            } else {
-                memcpy(new_padata->contents, cookie_padata->contents,
-                       new_padata->length);
+            else
                 state->cookie = new_padata;
-            }
         }
     }
     if (retval == 0 && inner_body_out != NULL) {

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 848d0bdcccd6be6e12226cf5e555570d2acc8396..c2bcab9f3bc6020032289341947d8157dbfd668f 100644 (file)
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1586,12 +1586,10 @@ return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
     padata->magic = KV5M_PA_DATA;
 
     if (salttype == KRB5_KDB_SALTTYPE_AFS3) {
-        padata->contents = k5alloc(salt->length + 1, &retval);
+        padata->contents = k5memdup0(salt->data, salt->length, &retval);
         if (padata->contents == NULL)
             goto cleanup;
-        memcpy(padata->contents, salt->data, salt->length);
         padata->pa_type = KRB5_PADATA_AFS3_SALT;
-        padata->contents[salt->length] = '\0';
         padata->length = salt->length + 1;
     } else {
         padata->pa_type = KRB5_PADATA_PW_SALT;

diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
index 116b3c7ff0118a7d3d5ac3bdd32c94ba63e29251..afc473bfe3fbf49e47dff3575df0a9f21eb13ae1 100644 (file)
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ b/src/lib/crypto/krb/checksum_confounder.c
@@ -41,10 +41,10 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
     krb5_keyblock xorkeyblock;
     size_t i = 0;
 
-    xorbytes = malloc(origkey->keyblock.length);
+    xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
+                        &retval);
     if (xorbytes == NULL)
-        return ENOMEM;
-    memcpy(xorbytes, origkey->keyblock.contents, origkey->keyblock.length);
+        return retval;
     for (i = 0; i < origkey->keyblock.length; i++)
         xorbytes[i] ^= 0xf0;
 
@@ -118,7 +118,7 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
     krb5_crypto_iov *hash_iov = NULL, iov;
     size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
 
-    plaintext = k5alloc(input->length, &ret);
+    plaintext = k5memdup(input->data, input->length, &ret);
     if (plaintext == NULL)
         return ret;
 
@@ -129,7 +129,6 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
     /* Decrypt the input checksum. */
     iov.flags = KRB5_CRYPTO_TYPE_DATA;
     iov.data = make_data(plaintext, input->length);
-    memcpy(plaintext, input->data, input->length);
     ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
     if (ret != 0)
         goto cleanup;

diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c
index 1509f422503769f77f9ff053121cdb3ea593e3ad..f15fec1a292763414a5db41b1e5fd596afe270ab 100644 (file)
--- a/src/lib/crypto/krb/derive.c
+++ b/src/lib/crypto/krb/derive.c
@@ -52,7 +52,7 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
     dkent = malloc(sizeof(*dkent));
     if (dkent == NULL)
         goto cleanup;
-    data = malloc(constant->length);
+    data = k5memdup(constant->data, constant->length, &ret);
     if (data == NULL)
         goto cleanup;
     ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
@@ -60,7 +60,6 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
         goto cleanup;
 
     /* Add the new entry to the list. */
-    memcpy(data, constant->data, constant->length);
     dkent->dkey = dkey;
     dkent->constant.data = data;
     dkent->constant.length = constant->length;

diff --git a/src/lib/crypto/krb/enc_old.c b/src/lib/crypto/krb/enc_old.c
index e7160b16928749d5008d79cb0bb13560678fa137..b44a3994f054f7f465a5e2a8e65b8c45082e98ec 100644 (file)
--- a/src/lib/crypto/krb/enc_old.c
+++ b/src/lib/crypto/krb/enc_old.c
@@ -166,10 +166,9 @@ krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
 
     /* Save the checksum, then zero it out in the plaintext. */
     checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
-    saved_checksum = k5alloc(hash->hashsize, &ret);
+    saved_checksum = k5memdup(checksum.data, checksum.length, &ret);
     if (saved_checksum == NULL)
         goto cleanup;
-    memcpy(saved_checksum, checksum.data, checksum.length);
     memset(checksum.data, 0, checksum.length);
 
     /*

diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 31f705d8249afc554add8c27523cd85fffb0de58..04d70a64b6f14019f4fd5259bb75a357ec35d7cd 100644 (file)
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -800,16 +800,13 @@ krb5_gss_authorize_localname(OM_uint32 *minor,
         return GSS_S_FAILURE;
     }
 
-    user = k5alloc(local_user->length + 1, &code);
+    user = k5memdup0(local_user->value, local_user->length, &code);
     if (user == NULL) {
         *minor = code;
         krb5_free_context(context);
         return GSS_S_FAILURE;
     }
 
-    memcpy(user, local_user->value, local_user->length);
-    user[local_user->length] = '\0';
-
     user_ok = krb5_kuserok(context, kname->princ, user);
 
     free(user);

diff --git a/src/lib/gssapi/krb5/import_cred.c b/src/lib/gssapi/krb5/import_cred.c
index 4de6fa65e5009eb417dab9303a21183dfea0dec6..ad9a1110e9e829117f3af7c0792084787c58f9a8 100644 (file)
--- a/src/lib/gssapi/krb5/import_cred.c
+++ b/src/lib/gssapi/krb5/import_cred.c
@@ -614,14 +614,12 @@ krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
     }
 
     /* Decode token. */
-    copy = malloc(token->length + 1);
+    copy = k5memdup0(token->value, token->length, &ret);
     if (copy == NULL) {
         status = GSS_S_FAILURE;
-        *minor_status = ENOMEM;
+        *minor_status = ret;
         goto cleanup;
     }
-    memcpy(copy, token->value, token->length);
-    copy[token->length] = '\0';
     v = k5_json_decode(copy);
     if (v == NULL)
         goto invalid;

diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
index 394aca4fe5f13a96102292815a1ba8671c217f09..3f5492b99f6b20845fb951cfa2a4b30e6b4c30b3 100644 (file)
--- a/src/lib/gssapi/krb5/import_name.c
+++ b/src/lib/gssapi/krb5/import_name.c
@@ -196,14 +196,12 @@ krb5_gss_import_name(minor_status, input_name_buffer,
 
         stringrep = NULL;
 
-        tmp = k5alloc(input_name_buffer->length + 1, &code);
+        tmp = k5memdup0(input_name_buffer->value, input_name_buffer->length,
+                        &code);
         if (tmp == NULL)
             goto cleanup;
         tmp2 = NULL;
 
-        memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
-        tmp[input_name_buffer->length] = '\0';
-
         /* Find the appropriate string rep to pass into parse_name. */
         if ((input_name_type == GSS_C_NULL_OID) ||
             g_OID_equal(input_name_type, gss_nt_krb5_name) ||

diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 535311eb97542fb12cbe41b3f7f69c4a7a11e9cd..f44f0d2cf908acdc96fcedfb008fed52d2314082 100644 (file)
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -162,11 +162,9 @@ kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
         /* If a host was given, we have to use the canonicalized form of it (as
          * given by krb5_sname_to_principal) for backward compatibility. */
         const krb5_data *d = &name->princ->data[1];
-        tmp = k5alloc(d->length + 1, &code);
+        tmp = k5memdup0(d->data, d->length, &code);
         if (tmp == NULL)
             return ENOMEM;
-        memcpy(tmp, d->data, d->length);
-        tmp[d->length] = '\0';
         host = tmp;
     } else                      /* No host was given; use an empty string. */
         host = "";

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 2000fe441c865041a4140c9065fd4c56917b56f7..6d90628dcf3b4110935dbaf8a447cb7569d74939 100644 (file)
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -245,12 +245,10 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
             ks_tuple = handle->params.keysalts;
         }
         /* Dup the requested or defaulted keysalt tuples. */
-        new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple));
-        if (new_ks_tuple == NULL) {
-            ret = ENOMEM;
+        new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple),
+                                &ret);
+        if (new_ks_tuple == NULL)
             goto cleanup;
-        }
-        memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
         new_n_ks_tuple = n_ks_tuple;
         ret = 0;
         goto cleanup;

diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 2a040fc57c809241e35bc47798f298e6b27bc34e..e1ee5f9ff990c5229107fa9a95d2b8c6d37d6892 100644 (file)
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1167,16 +1167,13 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
         if (retval)
             goto clean_n_exit;
 
-        key->contents = malloc(tmp_key.length);
-        if (key->contents == NULL) {
-            retval = ENOMEM;
+        key->contents = k5memdup(tmp_key.contents, tmp_key.length, &retval);
+        if (key->contents == NULL)
             goto clean_n_exit;
-        }
 
         key->magic = tmp_key.magic;
         key->enctype = tmp_key.enctype;
         key->length = tmp_key.length;
-        memcpy(key->contents, tmp_key.contents, tmp_key.length);
     }
 
 clean_n_exit:

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index ee01d9d21c8dce2edad8a0e5948b0777214455dd..9a7f757f965dc3d40052c9bbc90913fcc564ae4d 100644 (file)
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -361,12 +361,12 @@ krb5_db_def_fetch_mkey_keytab(krb5_context   context,
          * kt_ent will be free'd so need to allocate and copy key contents for
          * output to caller.
          */
-        if (!(key->contents = (krb5_octet *)malloc(key->length))) {
-            retval = ENOMEM;
+        key->contents = k5memdup(kt_ent.key.contents, kt_ent.key.length,
+                                 &retval);
+        if (key->contents == NULL) {
             krb5_kt_free_entry(context, &kt_ent);
             goto errout;
         }
-        memcpy(key->contents, kt_ent.key.contents, kt_ent.key.length);
         krb5_kt_free_entry(context, &kt_ent);
     }
 

diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index b9906f0f726956654da8cace91e5916980b819c1..d8d338c7fb39e8fffe851120aba03b04708e5496 100644 (file)
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -321,13 +321,10 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
             continue;
 
         if (upd->kdb_deleted) {
-            dbprincstr = k5alloc(upd->kdb_princ_name.utf8str_t_len + 1,
-                                 &retval);
+            dbprincstr = k5memdup0(upd->kdb_princ_name.utf8str_t_val,
+                                   upd->kdb_princ_name.utf8str_t_len, &retval);
             if (dbprincstr == NULL)
                 goto cleanup;
-            memcpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
-                   upd->kdb_princ_name.utf8str_t_len);
-            dbprincstr[upd->kdb_princ_name.utf8str_t_len] = '\0';
 
             retval = krb5_parse_name(context, dbprincstr, &dbprinc);
             free(dbprincstr);

diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index a1fd3aa83796365aaeda51fbe8148e520b6ee30b..370c9439be5400eecb0fb77c24bbb531070e298c 100644 (file)
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -221,13 +221,9 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
         resid = name;
     } else {
         resid = name + pfxlen + 1;
-
-        pfx = malloc (pfxlen+1);
-        if (!pfx)
-            return ENOMEM;
-
-        memcpy (pfx, name, pfxlen);
-        pfx[pfxlen] = '\0';
+        pfx = k5memdup0(name, pfxlen, &err);
+        if (pfx == NULL)
+            return err;
     }
 
     *cache = (krb5_ccache) 0;

diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 2ca616684e1b827b9f85141ae8d3f57f24efbf77..7bbb6580ddee37b6cc90d7e02c5daf0f2f81035e 100644 (file)
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -430,12 +430,11 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
     ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
     ret_entry->key.magic = KV5M_KEYBLOCK;
     ret_entry->key.length = sizeof(key);
-    ret_entry->key.contents = malloc(sizeof(key));
-    if (!ret_entry->key.contents) {
+    ret_entry->key.contents = k5memdup(key, sizeof(key), &kerror);
+    if (ret_entry->key.contents == NULL) {
         krb5_free_principal(context, ret_entry->principal);
-        return ENOMEM;
+        return kerror;
     }
-    memcpy(ret_entry->key.contents, key, sizeof(key));
 
     return 0;
 }

diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
index 6f29579ce8dd2269bb5db19bdb2a94a9a7c8148b..0f3562f3391a29ca2d3dc79c5ccd0e0e63f646a8 100644 (file)
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -188,13 +188,9 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
         resid = name;
     } else {
         resid = name + pfxlen + 1;
-
-        pfx = malloc (pfxlen+1);
-        if (!pfx)
-            return ENOMEM;
-
-        memcpy (pfx, name, pfxlen);
-        pfx[pfxlen] = '\0';
+        pfx = k5memdup0(name, pfxlen, &err);
+        if (pfx == NULL)
+            return err;
     }
 
     *ktid = (krb5_keytab) 0;

diff --git a/src/lib/krb5/krb/copy_tick.c b/src/lib/krb5/krb/copy_tick.c
index c3e33ff824382402e7340207949358ff5b397be8..660d977bb4251fd71dd4a306a3fbaa81898ee40b 100644 (file)
--- a/src/lib/krb5/krb/copy_tick.c
+++ b/src/lib/krb5/krb/copy_tick.c
@@ -53,16 +53,14 @@ copy_enc_tkt_part(krb5_context context, const krb5_enc_tkt_part *partfrom,
         tempto->transited.tr_contents.data = 0;
     } else {
         tempto->transited.tr_contents.data =
-            malloc(partfrom->transited.tr_contents.length);
+            k5memdup(partfrom->transited.tr_contents.data,
+                     partfrom->transited.tr_contents.length, &retval);
         if (!tempto->transited.tr_contents.data) {
             krb5_free_principal(context, tempto->client);
             krb5_free_keyblock(context, tempto->session);
             free(tempto);
             return ENOMEM;
         }
-        memcpy(tempto->transited.tr_contents.data,
-               (char *)partfrom->transited.tr_contents.data,
-               partfrom->transited.tr_contents.length);
     }
 
     retval = krb5_copy_addresses(context, partfrom->caddrs, &tempto->caddrs);

diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 8387cea27e3bb27145b9fa6f5ad6787acd956709..2e55066c7e62afc1578d9130e811c931279cc3db 100644 (file)
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -130,14 +130,11 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
                 goto errout;
             }
 
-            rhost = malloc(server->data[1].length+1);
-            if (!rhost) {
-                retval = ENOMEM;
+            rhost = k5memdup0(server->data[1].data, server->data[1].length,
+                              &retval);
+            if (rhost == NULL)
                 goto errout;
-            }
             free_rhost = 1;
-            memcpy(rhost, server->data[1].data, server->data[1].length);
-            rhost[server->data[1].length] = '\0';
         }
 
         retval = krb5_os_hostaddr(context, rhost, &addrs);

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index df1bacf87849b6bbd8f23ca697d7a1f9713825e3..c88b67a6e8d67b8d9b4926a44b13428ce28ffd7e 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -891,13 +891,11 @@ krb5_init_creds_init(krb5_context context,
     /* enctypes */
     if (opte->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
         ctx->request->ktype =
-            k5alloc((opte->etype_list_length * sizeof(krb5_enctype)),
-                    &code);
+            k5memdup(opte->etype_list,
+                     opte->etype_list_length * sizeof(krb5_enctype), &code);
         if (code != 0)
             goto cleanup;
         ctx->request->nktypes = opte->etype_list_length;
-        memcpy(ctx->request->ktype, opte->etype_list,
-               ctx->request->nktypes * sizeof(krb5_enctype));
     } else if (krb5_get_default_in_tkt_ktypes(context,
                                               &ctx->request->ktype) == 0) {
         ctx->request->nktypes = k5_count_etypes(ctx->request->ktype);

diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3262d21d8259425b3c27f7eff0594fa3240b11b9..cc6f200c696aafff282964f71f4aa74455418034 100644 (file)
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -186,12 +186,10 @@ krb5_pac_get_buffer(krb5_context context,
     if (ret != 0)
         return ret;
 
-    data->data = malloc(d.length);
+    data->data = k5memdup(d.data, d.length, &ret);
     if (data->data == NULL)
-        return ENOMEM;
-
+        return ret;
     data->length = d.length;
-    memcpy(data->data, d.data, d.length);
 
     return 0;
 }
@@ -275,14 +273,12 @@ k5_pac_copy(krb5_context context,
     if (pac == NULL)
         return ENOMEM;
 
-    pac->pac = (PACTYPE *)malloc(header_len);
+    pac->pac = k5memdup(src->pac, header_len, &code);
     if (pac->pac == NULL) {
         free(pac);
-        return ENOMEM;
+        return code;
     }
 
-    memcpy(pac->pac, src->pac, header_len);
-
     code = krb5int_copy_data_contents(context, &src->data, &pac->data);
     if (code != 0) {
         free(pac->pac);
@@ -538,11 +534,9 @@ k5_pac_verify_server_checksum(krb5_context context,
         return KRB5KRB_AP_ERR_INAPP_CKSUM;
 
     pac_data.length = pac->data.length;
-    pac_data.data = malloc(pac->data.length);
+    pac_data.data = k5memdup(pac->data.data, pac->data.length, &ret);
     if (pac_data.data == NULL)
-        return ENOMEM;
-
-    memcpy(pac_data.data, pac->data.data, pac->data.length);
+        return ret;
 
     /* Zero out both checksum buffers */
     ret = k5_pac_zero_signature(context, pac, KRB5_PAC_SERVER_CHECKSUM,

diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
index 49e3862b7ba9f5153460e4f829eccf49130c9041..20535816d7e734b50b358b5de1926ae3d40cfe0a 100644 (file)
--- a/src/lib/krb5/krb/pac_sign.c
+++ b/src/lib/krb5/krb/pac_sign.c
@@ -257,13 +257,11 @@ krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
     if (ret != 0)
         return ret;
 
-    data->data = malloc(pac->data.length);
+    data->data = k5memdup(pac->data.data, pac->data.length, &ret);
     if (data->data == NULL)
-        return ENOMEM;
-
+        return ret;
     data->length = pac->data.length;
 
-    memcpy(data->data, pac->data.data, pac->data.length);
     memset(pac->data.data, 0,
            PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
 

diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index ad1618ab6ecf5ca43aaf1025efddf9d6288bb000..060f98aa008b95a11d00eb28234f2e3057c179a0 100644 (file)
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -802,10 +802,9 @@ copy_cookie(krb5_context context, krb5_pa_data **in_padata,
     if (pa == NULL)
         return ret;
     *pa = *cookie;
-    pa->contents = k5alloc(cookie->length, &ret);
+    pa->contents = k5memdup(cookie->contents, cookie->length, &ret);
     if (pa->contents == NULL)
         goto error;
-    memcpy(pa->contents, cookie->contents, cookie->length);
     ret = grow_pa_list(out_pa_list, out_pa_list_size, &pa, 1);
     if (ret)
         goto error;
@@ -841,12 +840,12 @@ add_s4u_x509_user_padata(krb5_context context, krb5_s4u_userid *userid,
 
         s4u_padata->magic = KV5M_PA_DATA;
         s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
-        s4u_padata->contents = malloc(userid->subject_cert.length);
+        s4u_padata->contents = k5memdup(userid->subject_cert.data,
+                                        userid->subject_cert.length, &code);
         if (s4u_padata->contents == NULL) {
             free(s4u_padata);
-            return ENOMEM;
+            return code;
         }
-        memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
         s4u_padata->length = userid->subject_cert.length;
 
         code = grow_pa_list(out_pa_list, out_pa_list_size, &s4u_padata, 1);

diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index f4187dc0454378535ce296f6d0ea3682ffa934fa..9a7c261dd67489ce347785eeb12e47aa88cb564e 100644 (file)
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -239,10 +239,10 @@ k5_make_tgs_req(krb5_context context,
     if (padata[0] == NULL)
         goto cleanup;
     padata[0]->pa_type = KRB5_PADATA_AP_REQ;
-    padata[0]->contents = k5alloc(ap_req_asn1->length, &ret);
+    padata[0]->contents = k5memdup(ap_req_asn1->data, ap_req_asn1->length,
+                                   &ret);
     if (padata[0] == NULL)
         goto cleanup;
-    memcpy(padata[0]->contents, ap_req_asn1->data, ap_req_asn1->length);
     padata[0]->length = ap_req_asn1->length;
 
     /* Append copies of any other supplied padata. */
@@ -252,10 +252,10 @@ k5_make_tgs_req(krb5_context context,
             goto cleanup;
         pa->pa_type = in_padata[i]->pa_type;
         pa->length = in_padata[i]->length;
-        pa->contents = k5alloc(in_padata[i]->length, &ret);
+        pa->contents = k5memdup(in_padata[i]->contents, in_padata[i]->length,
+                                &ret);
         if (pa->contents == NULL)
             goto cleanup;
-        memcpy(pa->contents, in_padata[i]->contents, in_padata[i]->length);
         padata[i + 1] = pa;
     }
     req.padata = padata;

diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index 10711f1d67d882ab9a60ecc5373b31ba8a242490..0aed147f34686c5f2cc5a1e0a5192256637ff431 100644 (file)
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -303,19 +303,13 @@ rtree_capath_vals(krb5_context context,
 
     *vals = NULL;
 
-    clientz = calloc(client->length + 1, 1);
-    if (clientz == NULL) {
-        retval = ENOMEM;
+    clientz = k5memdup0(client->data, client->length, &retval);
+    if (clientz == NULL)
         goto error;
-    }
-    memcpy(clientz, client->data, client->length);
 
-    serverz = calloc(server->length + 1, 1);
-    if (serverz == NULL) {
-        retval = ENOMEM;
+    serverz = k5memdup0(server->data, server->length, &retval);
+    if (serverz == NULL)
         goto error;
-    }
-    memcpy(serverz, server->data, server->length);
 
     key[0] = "capaths";
     key[1] = clientz;

diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 8108f3478b333906c5c7d09dfbd1af3104fe5d12..0f2600c28b67dcd4a4a837610e3f51d2ee61601e 100644 (file)
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -375,7 +375,6 @@ aname_replacer(char *string, char **contextp, char **result)
     krb5_error_code     kret;
     char                *in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
     char                *cp, *ep, *tp;
-    size_t              rule_size, repl_size;
     int                 doglobal;
 
     *result = NULL;
@@ -418,24 +417,13 @@ aname_replacer(char *string, char **contextp, char **result)
             goto cleanup;
         }
 
-        /* Figure out sizes of strings and allocate them */
-        rule_size = (size_t) (ep - &cp[2]);
-        repl_size = (size_t) (tp - &ep[1]);
-        rule = malloc(rule_size + 1);
-        if (!rule) {
-            kret = ENOMEM;
+        /* Copy the rule and replacement strings. */
+        rule = k5memdup0(&cp[2], ep - &cp[2], &kret);
+        if (rule == NULL)
             goto cleanup;
-        }
-        repl = malloc(repl_size + 1);
-        if (!repl) {
-            kret = ENOMEM;
+        repl = k5memdup0(&ep[1], tp - &ep[1], &kret);
+        if (repl == NULL)
             goto cleanup;
-        }
-
-        /* Copy the strings */
-        memcpy(rule, &cp[2], rule_size);
-        memcpy(repl, &ep[1], repl_size);
-        rule[rule_size] = repl[repl_size] = '\0';
 
         /* Check for trailing "g" */
         doglobal = (tp[1] == 'g') ? 1 : 0;

diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 4ad8f32ebb1df5e79dcc49c5f9c3ea0bf6cbd531..46f4f0e5f33724485340ed26237806e32caa8b21 100644 (file)
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -156,16 +156,11 @@ kpasswd_sendto_msg_callback(struct conn_state *conn,
         local_kaddr.magic = addrs[0]->magic;
         local_kaddr.addrtype = addrs[0]->addrtype;
         local_kaddr.length = addrs[0]->length;
-        local_kaddr.contents = malloc(addrs[0]->length);
-        if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
-            code = ENOMEM;
-            krb5_free_addresses(ctx->context, addrs);
-            goto cleanup;
-        }
-        if (addrs[0]->length)
-            memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
-
+        local_kaddr.contents = k5memdup(addrs[0]->contents, addrs[0]->length,
+                                        &code);
         krb5_free_addresses(ctx->context, addrs);
+        if (local_kaddr.contents == NULL)
+            goto cleanup;
     }
 
 

diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c
index 7db973aa21be6a0ae0596e5c577480e47ec35541..d607366194aad69d2c8091070d2f0f6595f56dff 100644 (file)
--- a/src/lib/krb5/os/get_krbhst.c
+++ b/src/lib/krb5/os/get_krbhst.c
@@ -103,13 +103,9 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
         goto cleanup;
     }
     for (i = 0; i < count; i++) {
-        unsigned int len = strlen (values[i]) + 1;
-        rethosts[i] = malloc(len);
-        if (!rethosts[i]) {
-            retval = ENOMEM;
+        rethosts[i] = k5memdup0(values[i], strlen(values[i]), &retval);
+        if (rethosts[i] == NULL)
             goto cleanup;
-        }
-        memcpy (rethosts[i], values[i], len);
     }
     rethosts[count] = 0;
 cleanup:

diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c
index 6be2abea80366955b011f3675593f6ea09a61623..a38fad5d97f9cced798c2a1346a7267821553d9a 100644 (file)
--- a/src/lib/krb5/os/hostaddr.c
+++ b/src/lib/krb5/os/hostaddr.c
@@ -101,12 +101,9 @@ krb5_os_hostaddr(krb5_context context, const char *name,
         addrs[i]->magic = KV5M_ADDRESS;
         addrs[i]->addrtype = atype;
         addrs[i]->length = addrlen;
-        addrs[i]->contents = malloc(addrs[i]->length);
-        if (!addrs[i]->contents) {
-            retval = ENOMEM;
+        addrs[i]->contents = k5memdup(ptr, addrlen, &retval);
+        if (addrs[i]->contents == NULL)
             goto errout;
-        }
-        memcpy (addrs[i]->contents, ptr, addrs[i]->length);
         i++;
     }
 

diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index ed8cc641e774a508a799319190e6a3bba73e53ff..5bf77761a7960665e37e508eca87ca911c163a8e 100644 (file)
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -400,13 +400,11 @@ module_locate_server(krb5_context ctx, const krb5_data *realm,
         krb5int_free_plugin_dir_data(ptrs);
         return ENOMEM;
     }
-    realmz = malloc(realm->length + 1);
+    realmz = k5memdup0(realm->data, realm->length, &code);
     if (realmz == NULL) {
         krb5int_free_plugin_dir_data(ptrs);
-        return ENOMEM;
+        return code;
     }
-    memcpy(realmz, realm->data, realm->length);
-    realmz[realm->length] = '\0';
     for (i = 0; ptrs[i]; i++) {
         void *blob;
 

diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index cc42f461f21f9959bc842fb2d02964d3de7907e0..2981985ea5da5ff214159328c6dbeeb90767c020 100644 (file)
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -419,11 +419,9 @@ check_hash_extension(krb5_donot_replay *rep)
     end = strchr(str, ' ');
     if (!end)
         return 0;
-    msghash = malloc(end - str + 1);
+    msghash = k5memdup0(str, end - str, &retval);
     if (!msghash)
         return KRB5_RC_MALLOC;
-    memcpy(msghash, str, end - str);
-    msghash[end - str] = '\0';
     str = end + 1;
 
     /* Parse out the client and server. */

diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c
index 625c9de1c4294e47b29be67c67885d19622b76bb..38d8d47d02cf8887fb51b1033613e407a540c801 100644 (file)
--- a/src/lib/krb5/unicode/ucstr.c
+++ b/src/lib/krb5/unicode/ucstr.c
@@ -160,13 +160,9 @@ krb5int_utf8_normalize(
 
            if (i == len) {
                newdata->length = len;
-               newdata->data = malloc(newdata->length + 1);
-               if (newdata->data == NULL) {
-                   retval = ENOMEM;
+               newdata->data = k5memdup0(s, len, &retval);
+               if (newdata->data == NULL)
                    goto cleanup;
-               }
-               memcpy(newdata->data, s, len);
-               newdata->data[len] = '\0';
                *newdataptr = newdata;
                return 0;
            }

diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
index fa6f0a38cb236de66d05e539628ba107806ea808..5e046ab6123eb9239a010f7b148af3eda801fcda 100644 (file)
--- a/src/plugins/kdb/db2/adb_policy.c
+++ b/src/plugins/kdb/db2/adb_policy.c
@@ -211,10 +211,9 @@ osa_adb_get_policy(osa_adb_policy_t db, char *name,
     entry = k5alloc(sizeof(*entry), &ret);
     if (entry == NULL)
         goto error;
-    aligned_data = k5alloc(dbdata.size, &ret);
+    aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
     if (aligned_data == NULL)
         goto error;
-    memcpy(aligned_data, dbdata.data, dbdata.size);
     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
     if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
         ret = OSA_ADB_FAILURE;
@@ -343,11 +342,9 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
             goto error;
         }
 
-        if(!(aligned_data = (char *) malloc(dbdata.size))) {
-            ret = ENOMEM;
+        aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
+        if (aligned_data == NULL)
             goto error;
-        }
-        memcpy(aligned_data, dbdata.data, dbdata.size);
 
         memset(entry, 0, sizeof(osa_policy_ent_rec));
         xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);

diff --git a/src/plugins/kdb/db2/kdb_xdr.c b/src/plugins/kdb/db2/kdb_xdr.c
index 184615cdaef7dd47367ab6f2ce9f8a743da02de4..5264963386f8db923e451c25131223cb8929b727 100644 (file)
--- a/src/plugins/kdb/db2/kdb_xdr.c
+++ b/src/plugins/kdb/db2/kdb_xdr.c
@@ -310,10 +310,9 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
     /* Check for extra data */
     if (entry->len > KRB5_KDB_V1_BASE_LENGTH) {
         entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
-        entry->e_data = k5alloc(entry->e_length, &retval);
+        entry->e_data = k5memdup(nextloc, entry->e_length, &retval);
         if (entry->e_data == NULL)
             goto error_out;
-        memcpy(entry->e_data, nextloc, entry->e_length);
         nextloc += entry->e_length;
     }
 
@@ -363,12 +362,10 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
             retval = KRB5_KDB_TRUNCATED_RECORD;
             goto error_out;
         }
-        if (((*tl_data)->tl_data_contents = (krb5_octet *)
-             malloc((*tl_data)->tl_data_length)) == NULL) {
-            retval = ENOMEM;
+        (*tl_data)->tl_data_contents =
+            k5memdup(nextloc, (*tl_data)->tl_data_length, &retval);
+        if ((*tl_data)->tl_data_contents == NULL)
             goto error_out;
-        }
-        memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
         nextloc += (*tl_data)->tl_data_length;
         tl_data = &((*tl_data)->tl_data_next);
     }
@@ -411,13 +408,11 @@ krb5_decode_princ_entry(krb5_context context, krb5_data *content,
                     goto error_out;
                 }
                 if (key_data->key_data_length[j]) {
-                    if ((key_data->key_data_contents[j] = (krb5_octet *)
-                         malloc(key_data->key_data_length[j])) == NULL) {
-                        retval = ENOMEM;
+                    key_data->key_data_contents[j] =
+                        k5memdup(nextloc, key_data->key_data_length[j],
+                                 &retval);
+                    if (key_data->key_data_contents[j] == NULL)
                         goto error_out;
-                    }
-                    memcpy(key_data->key_data_contents[j], nextloc,
-                           key_data->key_data_length[j]);
                     nextloc += key_data->key_data_length[j];
                 }
             }

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 5f789da9839ac622489ad0d17653ab3c9fb1049c..c4024b8d0705118223b6b5edd1905bdc890bfe0e 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -826,11 +826,9 @@ decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
                 UNSTORE16_INT(curr, sublen);
                 /* forward by 2 bytes */
                 curr += 2;
-                DN = malloc (sublen + 1);
+                DN = k5memdup0(curr, sublen, &st);
                 if (DN == NULL)
-                    return ENOMEM;
-                memcpy(DN, curr, sublen);
-                DN[sublen] = 0;
+                    return st;
                 *data = DN;
                 curr += sublen;
                 st = 0;
@@ -854,11 +852,9 @@ decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
                 UNSTORE16_INT(curr, sublen);
                 /* forward by 2 bytes */
                 curr += 2;
-                DNarr[i] = malloc (sublen + 1);
+                DNarr[i] = k5memdup0(curr, sublen, &st);
                 if (DNarr[i] == NULL)
-                    return ENOMEM;
-                memcpy(DNarr[i], curr, sublen);
-                DNarr[i][sublen] = 0;
+                    return st;
                 ++i;
                 curr += sublen;
                 *data = DNarr;
@@ -1292,12 +1288,10 @@ krb5_add_ber_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
             return ENOMEM;
 
         (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
-        (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
+        (*mods)[i]->mod_bvalues[j]->bv_val =
+            k5memdup(ber_values[j]->bv_val, ber_values[j]->bv_len, &st);
         if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
             return ENOMEM;
-
-        memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
-               ber_values[j]->bv_len);
     }
     (*mods)[i]->mod_bvalues[j] = NULL;
     return 0;

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 1e671c7ed2779d22d17b12d7bbf41b3431b4f094..527873c1f28fa123b89458c46914716bc2ccf649 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -331,12 +331,9 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
                                                       dptr)) != 0)
                     goto cleanup;
             } else {
-                *dptr = calloc (1, arg_val_len);
-                if (*dptr == NULL) {
-                    st = ENOMEM;
+                *dptr = k5memdup(arg_val, arg_val_len, &st);
+                if (*dptr == NULL)
                     goto cleanup;
-                }
-                memcpy(*dptr, arg_val, arg_val_len);
             }
         }
     }

diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 132eef6653f0101afc13ff14a5b2ab6bc130ac7d..e379382119753bf80f4dd03c7cddcf0f987f1cf4 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -639,11 +639,11 @@ pkinit_pick_kdf_alg(krb5_context context, krb5_data **kdf_list,
                 tmp_oid = k5alloc(sizeof(krb5_data), &retval);
                 if (retval)
                     goto cleanup;
-                tmp_oid->data = k5alloc(supp_oid->length, &retval);
+                tmp_oid->data = k5memdup(supp_oid->data, supp_oid->length,
+                                         &retval);
                 if (retval)
                     goto cleanup;
                 tmp_oid->length = supp_oid->length;
-                memcpy(tmp_oid->data, supp_oid->data, tmp_oid->length);
                 *alg_oid = tmp_oid;
                 /* don't free the OID in clean-up if we are returning it */
                 tmp_oid = NULL;