3479. [bug] Address potential memory leaks in gssapi support

author Mark Andrews <marka@isc.org>

Fri, 25 Jan 2013 01:23:38 +0000 (12:23 +1100)

committer Mark Andrews <marka@isc.org>

Fri, 25 Jan 2013 01:24:38 +0000 (12:24 +1100)
author Mark Andrews <marka@isc.org>
Fri, 25 Jan 2013 01:23:38 +0000 (12:23 +1100)
committer Mark Andrews <marka@isc.org>
Fri, 25 Jan 2013 01:24:38 +0000 (12:24 +1100)
diff --git a/CHANGES b/CHANGES

index 9f03d22950f7041a21f3466e7acd3e8f1a85aa51..88509acae78a0dd43b854c184309a780f35fe8fe 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3479.  [bug]           Address potential memory leaks in gssapi support
+                       code. [RT #32405]
+
  3478.  [port]          Fix a build failure in strict C99 environments
                         [RT #32475]
  
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c

index 601511b5578b83a02200e75c98a9a1642ae4a0e8..f10b14ee969c9dd267ecc6e7cee09251baa89574 100644 (file)
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -630,8 +630,10 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status,
                                   sizeof(mechbuf),
                                   &init_token.mechTypes.val[i],
                                   &mech_len);
-               if (ret)
+               if (ret) {
+                       free_NegTokenInit(&init_token);
                         return (GSS_S_DEFECTIVE_TOKEN);
+               }
                 if (mech_len == GSS_KRB5_MECH->length &&
                     memcmp(GSS_KRB5_MECH->elements,
                            mechbuf + sizeof(mechbuf) - mech_len,
@@ -650,8 +652,10 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status,
                 }
         }
  
-       if (!found)
+       if (!found) {
+               free_NegTokenInit(&init_token);
                 return (send_reject(minor_status, output_token));
+       }
  
         if (i == 0 && init_token.mechToken != NULL) {
                 ibuf.length = init_token.mechToken->length;
@@ -669,12 +673,14 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status,
                                                       time_rec,
                                                       delegated_cred_handle);
                 if (GSS_ERROR(major_status)) {
+                       free_NegTokenInit(&init_token);
                         send_reject(&minor_status2, output_token);
                         return (major_status);
                 }
                 ot = &obuf;
         }
         ret = send_accept(&minor_status2, output_token, ot, pref);
+       free_NegTokenInit(&init_token);
         if (ot != NULL && ot->length != 0U)
                 gss_release_buffer(&minor_status2, ot);
  
@@ -865,6 +871,8 @@ der_get_oid(const unsigned char *p, size_t len,
         int n;
         size_t oldlen = len;
  
+       data->components = NULL;
+       data->length = 0;
         if (len < 1U)
                 return (ASN1_OVERRUN);
  
@@ -1696,6 +1704,7 @@ spnego_reply(OM_uint32 *minor_status,
  
         ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL);
         if (ret) {
+               free_NegTokenResp(&resp);
                 *minor_status = ENOMEM;
                 return (GSS_S_FAILURE);
         }
author	Mark Andrews <marka@isc.org>
	Fri, 25 Jan 2013 01:23:38 +0000 (12:23 +1100)
committer	Mark Andrews <marka@isc.org>
	Fri, 25 Jan 2013 01:24:38 +0000 (12:24 +1100)
CHANGES		patch \| blob \| blame \| history
lib/dns/spnego.c		patch \| blob \| blame \| history