Stop misusing gss_release_buffer in libgssrpc
authorGreg Hudson <ghudson@mit.edu>
Sat, 11 Aug 2012 04:16:25 +0000 (00:16 -0400)
committerGreg Hudson <ghudson@mit.edu>
Sat, 11 Aug 2012 04:28:33 +0000 (00:28 -0400)
Use free() instead of gss_release_buffer() when freeing buffers in
libgssrpc which weren't constructed by GSSAPI.  This mixing is
harmless in normal configurations (since libgssrpc is only used on
Unix), but fails with DEBUG_GSSALLOC.

src/lib/rpc/auth_gss.c
src/lib/rpc/auth_gssapi.c
src/lib/rpc/authgss_prot.c

index 6e6117915108b139df32897a0dad40e88361ffe8..ab161c17d9cb13b70a7b8c1d850b5292c43b0fb5 100644 (file)
@@ -432,7 +432,8 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 
                log_status("gss_init_sec_context", maj_stat, min_stat);
                if (recv_tokenp != GSS_C_NO_BUFFER) {
-                       gss_release_buffer(&min_stat, &gr.gr_token);
+                       free(gr.gr_token.value);
+                       gr.gr_token.value = NULL;
                        recv_tokenp = GSS_C_NO_BUFFER;
                }
                if (maj_stat != GSS_S_COMPLETE &&
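Review bot: After the new `free(gr.gr_token.value)` only `value` is reset, so `gr.gr_token.length` keeps its old count while the pointer is NULL. The gc_wire_verf hunk further down clears both fields, and a later context line tests `gr.gr_token.length != 0`; whether `gr` is re-zeroed before that test is not visible here. Adding `gr.gr_token.length = 0;` after the NULL assignment keeps the buffer self-consistent. authgss_refresh starts and ends outside this hunk.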
@@ -459,9 +460,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
                                break;
 
                        if (gr.gr_ctx.length != 0) {
-                               if (gd->gc.gc_ctx.value)
-                                       gss_release_buffer(&min_stat,
-                                                          &gd->gc.gc_ctx);
+                               free(gd->gc.gc_ctx.value);
                                gd->gc.gc_ctx = gr.gr_ctx;
                        }
                        if (gr.gr_token.length != 0) {
@@ -490,17 +489,18 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
                        log_debug("authgss_refresh: GSS_S_COMPLETE: calling verify_mic");
                        maj_stat = gss_verify_mic(&min_stat,gd->ctx,
                                &bufin, &bufout, &qop_state);
+                       free(gd->gc_wire_verf.value);
+                       gd->gc_wire_verf.length = 0;
+                       gd->gc_wire_verf.value = NULL;
 
                        if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
                                log_status("gss_verify_mic", maj_stat, min_stat);
-                               gss_release_buffer(&min_stat, &gd->gc_wire_verf);
                                if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
                                        gd->established = FALSE;
                                        authgss_destroy_context(auth);
                                }
                                return (FALSE);
                        }
-                       gss_release_buffer(&min_stat, &gd->gc_wire_verf);
                        gd->established = TRUE;
                        gd->inprogress = FALSE;
                        gd->gc.gc_proc = RPCSEC_GSS_DATA;
@@ -513,9 +513,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
        /* End context negotiation loop. */
        if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
                log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc);
-               if (gr.gr_token.length != 0)
-                       gss_release_buffer(&min_stat, &gr.gr_token);
-
+               free(gr.gr_token.value);
                authgss_destroy(auth);
                auth = NULL;
                rpc_createerr.cf_stat = RPC_AUTHERROR;
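Review bot: The `free(gr.gr_token.value)` on this error path is now unconditional, so it is only safe if `gr.gr_token.value` is NULL or a live heap pointer on every way out of the negotiation loop, including an exit before any reply was decoded. The removed code guarded on `length != 0`, and the initialisation of `gr` is outside the hunk, so this should be confirmed and recorded next to the call, e.g. `/* gr is zeroed before the loop; value is NULL or heap-allocated here */`. The same assumption is made for `client_handle.value` in the auth_gssapi.c hunk.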
@@ -565,7 +563,7 @@ authgss_destroy_context(AUTH *auth)
                                  clnt_sperror(gd->clnt,
                                               "authgss_destroy_context"));
                }
-               gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
+               free(gd->gc.gc_ctx.value);
                /* XXX ANDROS check size of context  - should be 8 */
                memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
        }
index e7a1f8b00b5e0c0b41a8c93f68d5222703f3607a..64a6b5b791e8fe90731592452032f89784fca293 100644 (file)
@@ -743,9 +743,7 @@ skip_call:
                                           gssstat, minor_stat));
      }
 
-     if (AUTH_PRIVATE(auth)->client_handle.length != 0)
-         gss_release_buffer(&minor_stat,
-                            &AUTH_PRIVATE(auth)->client_handle);
+     free(AUTH_PRIVATE(auth)->client_handle.value);
 
 #if 0
      PRINTF(("gssapi_destroy: calling GSSAPI_EXIT\n"));
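Review bot: `free(AUTH_PRIVATE(auth)->client_handle.value)` leaves the freed pointer and the old length in the private auth structure. If any code after this point in the destroy path (outside the hunk) reads or releases client_handle again, that becomes a use-after-free or a double free. Resetting the buffer right after the free, with `AUTH_PRIVATE(auth)->client_handle.value = NULL;` and `AUTH_PRIVATE(auth)->client_handle.length = 0;`, matches what the gc_wire_verf hunk in auth_gss.c does.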
index 01f16ea55d4f15ab4d395ca396cd3c57c334528f..a5a587f90553279a18df7bad3bd2e9b8c98f1e41 100644 (file)
@@ -212,7 +212,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
                /* Verify checksum and QOP. */
                maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
                                          &wrapbuf, &qop_state);
-               gss_release_buffer(&min_stat, &wrapbuf);
+               free(wrapbuf.value);
 
                if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
                        gss_release_buffer(&min_stat, &databuf);
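Review bot: The failure branch right after the new `free(wrapbuf.value)` still calls `gss_release_buffer(&min_stat, &databuf)`, and in this branch databuf is an input to gss_verify_mic(), not something GSSAPI returned. If databuf is filled by the same decoder as wrapbuf (its origin is above the hunk), it needs the same treatment: `free(databuf.value);`. In the next hunk databuf is the output of gss_unwrap(), so gss_release_buffer is the right call there. xdr_rpc_gss_unwrap_data continues outside both hunks.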
@@ -230,7 +230,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
                maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
                                      &conf_state, &qop_state);
 
-               gss_release_buffer(&min_stat, &wrapbuf);
+               free(wrapbuf.value);
 
                /* Verify encryption and QOP. */
                if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||