From: Greg Hudson Date: Tue, 27 Mar 2018 14:36:05 +0000 (-0400) Subject: Fix SPAKE memory leak X-Git-Tag: krb5-1.17-beta1~149 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91dad4eba37b5b56dc21d59880cb6eb4d3e6b7a5;p=thirdparty%2Fkrb5.git Fix SPAKE memory leak In the NIST group implementations, ossl_fini() needs to free the groupdata container as well as its fields. Also in spake_kdc.c:parse_data(), initialize the magic field of the resulting data object to avoid a harmless uninitialized memory copy. ticket: 8647
---
diff --git a/src/plugins/preauth/spake/openssl.c b/src/plugins/preauth/spake/openssl.c
index b821a9158f..f2e4b53ec1 100644
--- a/src/plugins/preauth/spake/openssl.c
+++ b/src/plugins/preauth/spake/openssl.c
@@ -69,6 +69,7 @@ ossl_fini(groupdata *gd)
 EC_POINT_free(gd->N);
 BN_CTX_free(gd->ctx);
 BN_free(gd->order);
+ free(gd);
 }
 static krb5_error_code
diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
index c1723ebafc..59e88409ed 100644
--- a/src/plugins/preauth/spake/spake_kdc.c
+++ b/src/plugins/preauth/spake/spake_kdc.c
@@ -75,6 +75,7 @@ parse_data(struct k5input *in, krb5_data *out)
 {
 out->length = k5_input_get_uint32_be(in);
 out->data = (char *)k5_input_get_bytes(in, out->length);
+ out->magic = KV5M_DATA;
 }
 /* Parse a received cookie into its components. The pointers stored in the
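Review bot: With the added `free(gd);` at the end of ossl_fini(), the function now releases the container as well as its fields, but nothing in the hunk records that ownership contract. Any caller that still frees or dereferences the groupdata pointer after calling ossl_fini() would become a double free or use-after-free; the callers are not visible here, so that is worth confirming. I would add a comment above the function such as `/* Free gd and everything it owns; the pointer is invalid afterwards. */`. The start of ossl_fini() lies outside the hunk, so whether it tolerates a NULL gd before the `gd->N` dereference cannot be checked from here.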
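Review bot: parse_data() stores the length read from the input in `out->length` before it is known whether k5_input_get_bytes() can deliver that many bytes, so on a truncated input `out` may be left with a NULL `data` and a non-zero `length`. The comment that follows the function says this path parses a received cookie, so the length field presumably originates from the peer. If the caller checks the k5input status before using the result this is harmless, but that caller is outside the hunk. Making the helper self-consistent costs one line after the `k5_input_get_bytes` call: `if (out->data == NULL) out->length = 0;`.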