From: Tomas Kuthan Date: Tue, 16 May 2017 09:24:40 +0000 (+0200) Subject: Free GSS checksum data deterministically X-Git-Tag: krb5-1.15.2-final~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99ae7efbb9b332123e6d0918ee98c0c961accba7;p=thirdparty%2Fkrb5.git Free GSS checksum data deterministically In the normal course of execution, md5.contents allocated by kg_checksum_channel_bindings() in make_ap_req_v1() is freed in make_gss_checksum(). But when there is a failure in krb5_mk_req_extended() or in make_gss_checksum() before free is called, the memory leaks. This patch frees the memory unconditionally in make_ap_req_v1(). (cherry picked from commit 29337e7c7b796685fb6a03466d32147e17aa2d16) ticket: 8584 version_fixed: 1.15.2 --- diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 70f7955ae1..2a7467f54c 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -355,9 +355,6 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context, TWRITE_STR(ptr, data->md5.contents, data->md5.length); TWRITE_INT(ptr, data->ctx->gss_flags, 0); - /* done with this, free it */ - xfree(data->md5.contents); - if (credmsg.data) { TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0); TWRITE_INT16(ptr, credmsg.length, 0); @@ -429,6 +426,7 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context, code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags, NULL, k_cred, &ap_req); krb5_auth_con_set_authdata_context(context, ctx->auth_context, NULL); + krb5_free_checksum_contents(context, &cksum_struct.md5); krb5_free_data_contents(context, &cksum_struct.checksum_data); if (code) goto cleanup;