Fix SPAKE memory leak

In the NIST group implementations, ossl_fini() needs to free the
groupdata container as well as its fields.  Also in
spake_kdc.c:parse_data(), initialize the magic field of the resulting
data object to avoid a harmless uninitialized memory copy.

ticket: 8647

diff --git a/src/plugins/preauth/spake/openssl.c b/src/plugins/preauth/spake/openssl.c
index b821a9158fcb524e2ac01dd558b68772b7d82b11..f2e4b53ec14a62df586d0d650a35c4a448ae3415 100644 (file)
--- a/src/plugins/preauth/spake/openssl.c
+++ b/src/plugins/preauth/spake/openssl.c
@@ -69,6 +69,7 @@ ossl_fini(groupdata *gd)
     EC_POINT_free(gd->N);
     BN_CTX_free(gd->ctx);
     BN_free(gd->order);
+    free(gd);
 }
 
 static krb5_error_code

diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
index c1723ebafca166a7c73a6eeddf3cd8cd1b425a6a..59e88409ed949d31f91304d6402633ccc3e21a18 100644 (file)
--- a/src/plugins/preauth/spake/spake_kdc.c
+++ b/src/plugins/preauth/spake/spake_kdc.c
@@ -75,6 +75,7 @@ parse_data(struct k5input *in, krb5_data *out)
 {
     out->length = k5_input_get_uint32_be(in);
     out->data = (char *)k5_input_get_bytes(in, out->length);
+    out->magic = KV5M_DATA;
 }
 
 /* Parse a received cookie into its components.  The pointers stored in the