Fix memory management errors detected through static analysis; thanks Greg Hudson

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/fast@22156 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 7b590f4e01f1676ae0bd414e32a1212f1cfd6a6d..2aa8d64d9237a279683a2b2a9b898335309c1629 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -760,7 +760,7 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, int e
            if (pa == NULL)
                retval = ENOMEM;
            else                for (size = 0; td[size]; size++) {
-               krb5_pa_data *pad = malloc(sizeof(krb5_pa_data *));
+               krb5_pa_data *pad = malloc(sizeof(krb5_pa_data ));
                if (pad == NULL) {
                    retval = ENOMEM;
                    break;

diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index 10d1d3eb61d853ca5ce9da238f5faab360eb9478..a95398e0a478cec1b7a4228323471fef9846d06b 100644 (file)
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -50,7 +50,7 @@ static krb5_error_code armor_ap_request
     krb5_ticket *ticket = NULL;
     krb5_keyblock *subkey = NULL;
     
-    assert(armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST);
+    assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST);
     krb5_clear_error_message(kdc_context);
     retval = krb5_auth_con_init(kdc_context, &authcontext);
     if (retval == 0)
@@ -270,7 +270,7 @@ krb5_error_code kdc_fast_response_handle_padata
     krb5_fast_response fast_response;
     krb5_data *encoded_ticket = NULL;
     krb5_data *encrypted_reply = NULL;
-    krb5_pa_data *pa = NULL, **pa_array;
+    krb5_pa_data *pa = NULL, **pa_array = NULL;
     krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
     krb5_pa_data *empty_padata[] = {NULL};
     
@@ -309,11 +309,14 @@ krb5_error_code kdc_fast_response_handle_padata
        pa_array[0] = &pa[0];
        rep->padata = pa_array;
        pa_array = NULL;
+       free(encrypted_reply);
        encrypted_reply = NULL;
        pa = NULL;
     }
     if (pa)
       free(pa);
+    if (pa_array)
+       free(pa_array);
     if (encrypted_reply)
        krb5_free_data(kdc_context, encrypted_reply);
     if (encoded_ticket)

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 08d84db68960886cdcc9a7d18d1f24f373050b43..8e531f03b880935fd9f5b5c1b2064b597038fafd 100644 (file)
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -347,13 +347,13 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
                                   authenticator->authorization_data,
                                   KRB5_AUTHDATA_FX_ARMOR, &authdata);
     if (retval != 0)
-       goto cleanup_auth_context;
+       goto cleanup_authenticator;
         if (authdata&& authdata[0]) {
        krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
                               "ticket valid only as FAST armor");
        retval = KRB5KDC_ERR_POLICY;
        krb5_free_authdata(kdc_context, authdata);
-       goto cleanup_auth_context;
+       goto cleanup_authenticator;
     }
     krb5_free_authdata(kdc_context, authdata);
     

diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index e9f54be788bd7616624fc41b5a8b62c81e52a187..3b13c184a1156e768f13accf560550d382763108 100644 (file)
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -299,6 +299,8 @@ static krb5_error_code decrypt_fast_reply
        free(scratch.data);
     if (encrypted_response)
        krb5_free_enc_data(context, encrypted_response);
+    if (local_resp)
+       krb5_free_fast_response(context, local_resp);
     return retval;
 }
 

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 30a38cdae99429733840ebad81a48b34ce132e9e..2001a1623b7c2df385e4a528a8344d285144cc73 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1340,8 +1340,6 @@ krb5_get_init_creds(krb5_context context,
                out_padata = NULL;
                krb5_free_error(context, err_reply);
                err_reply = NULL;
-               if (ret)
-                   goto cleanup;
                ret = sort_krb5_padata_sequence(context,
                                                &request.server->realm,
                                                preauth_to_use);

diff --git a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
index 3fad7ccd3a7614db7979cf70236f0b9eea95c99d..692449150e1c89ab1bed54b4035842424baa0f0f 100644 (file)
--- a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
+++ b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
@@ -116,6 +116,7 @@ static krb5_error_code process_preauth
        krb5_pa_data **pa_array = NULL;
        krb5_data *encoded_ts = NULL;
        krb5_pa_enc_ts ts;
+       enc.ciphertext.data = NULL;
        if (retval == 0)
        retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
        if (retval == 0)
@@ -300,8 +301,6 @@ static krb5_error_code kdc_verify_preauth
     }
     if (armor_key)
        krb5_free_keyblock(context, armor_key);
-    if (challenge_key)
-       krb5_free_keyblock(context, challenge_key);
     if (plain.data) 
        free(plain.data);
     if (enc)