From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 3 Jun 2022 18:30:42 +0000 (-0400)
Subject: Fix memory leak in OTP kdcpreauth module
X-Git-Tag: krb5-1.21-beta1~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ad465bc8e0d957a4945218bea487b77622bf433;p=thirdparty%2Fkrb5.git

Fix memory leak in OTP kdcpreauth module

In otp_edata(), free the generated nonce.

ticket: 9063 (new)
tags: pullup
target_version: 1.20-next
target_version: 1.19-next
---

diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 119714f994..0e682aae58 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     krb5_pa_otp_challenge chl;
     krb5_pa_data *pa = NULL;
     krb5_error_code retval;
-    krb5_data *encoding;
+    krb5_data *encoding, nonce = empty_data();
     char *config;
 
     /* Determine if otp is enabled for the user. */
@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     ti.iteration_count = -1;
 
     /* Generate the nonce. */
-    retval = nonce_generate(context, armor_key->length, &chl.nonce);
+    retval = nonce_generate(context, armor_key->length, &nonce);
     if (retval != 0)
         goto out;
+    chl.nonce = nonce;
 
     /* Build the output pa-data. */
     retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     free(encoding);
 
 out:
+    krb5_free_data_contents(context, &nonce);
     (*respond)(arg, retval, pa);
 }