From: Simo Sorce <simo@redhat.com>
Date: Wed, 16 Dec 2015 18:19:27 +0000 (-0500)
Subject: Use DB allocators for default key data encryption
X-Git-Tag: krb5-1.15-beta1~265
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e9f19882c1e127fd7d9b09f9d6c3331ee638bfd;p=thirdparty%2Fkrb5.git

Use DB allocators for default key data encryption

krb5_dbe_def_encrypt_key_data() is used by KDB modules as the default
encryption functions.  It deals with structures allocated or freed by
the KDB module, so it needs to use the module's memory allocation
functions.
---

diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 2ca4632766..dafe6124ab 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -73,9 +73,10 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
     krb5_data                     plain;
     krb5_enc_data                 cipher;
 
-    for (i = 0; i < key_data->key_data_ver; i++)
-        if (key_data->key_data_contents[i])
-            free(key_data->key_data_contents[i]);
+    for (i = 0; i < key_data->key_data_ver; i++) {
+        krb5_db_free(context, key_data->key_data_contents[i]);
+        key_data->key_data_contents[i] = NULL;
+    }
 
     key_data->key_data_ver = 1;
     key_data->key_data_kvno = keyver;
@@ -88,7 +89,8 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
                                         &len)))
         return(retval);
 
-    if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
+    ptr = krb5_db_alloc(context, NULL, 2 + len);
+    if (ptr == NULL)
         return(ENOMEM);
 
     key_data->key_data_type[0] = dbkey->enctype;
@@ -106,7 +108,7 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
 
     if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
                                  &plain, &cipher))) {
-        free(key_data->key_data_contents[0]);
+        krb5_db_free(context, key_data->key_data_contents[0]);
         return retval;
     }
 
@@ -117,9 +119,9 @@ krb5_dbe_def_encrypt_key_data( krb5_context             context,
             key_data->key_data_type[1] = keysalt->type;
             if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
                 key_data->key_data_contents[1] =
-                    (krb5_octet *)malloc(keysalt->data.length);
+                    krb5_db_alloc(context, NULL, keysalt->data.length);
                 if (key_data->key_data_contents[1] == NULL) {
-                    free(key_data->key_data_contents[0]);
+                    krb5_db_free(context, key_data->key_data_contents[0]);
                     return ENOMEM;
                 }
                 memcpy(key_data->key_data_contents[1], keysalt->data.data,