Fix output token and GSS context leaks in TKEY/GSS-API error paths

In dst_gssapi_acceptctx(), rename outtoken to outtokenp (matching BIND
convention for output pointer parameters) and free the allocated output
token buffer on error in the cleanup path.

In process_gsstkey(), route the empty-principal error path through
cleanup via CLEANUP() instead of returning early, so that the output
token, GSS context, and TSIG key are all freed consistently by the
existing cleanup block.

(cherry picked from commit f2240d2d06a1a68b622bd6b00a52c6fe4274426d)

diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index c7bc5d1810def25579884c4c8f6fcc2a49954e76..880a245e06621075ac277855520203db1d6a7bee 100644 (file)
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -651,7 +651,7 @@ out:
 
 isc_result_t
 dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
-                    isc_region_t *intoken, isc_buffer_t **outtoken,
+                    isc_region_t *intoken, isc_buffer_t **outtokenp,
                     dns_gss_ctx_id_t *ctxout, dns_name_t *principal,
                     isc_mem_t *mctx) {
        isc_region_t r;
@@ -664,7 +664,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
        isc_result_t result;
        char buf[1024];
 
-       REQUIRE(outtoken != NULL && *outtoken == NULL);
+       REQUIRE(outtokenp != NULL && *outtokenp == NULL);
        REQUIRE(*ctxout == NULL);
 
        REGION_TO_GBUFFER(*intoken, gintoken);
@@ -745,10 +745,13 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
        }
 
        if (gouttoken.length > 0U) {
-               isc_buffer_allocate(mctx, outtoken,
+               isc_buffer_allocate(mctx, outtokenp,
                                    (unsigned int)gouttoken.length);
                GBUFFER_TO_REGION(gouttoken, r);
-               RETERR(isc_buffer_copyregion(*outtoken, &r));
+               result = isc_buffer_copyregion(*outtokenp, &r);
+               if (result != ISC_R_SUCCESS) {
+                       goto out;
+               }
                (void)gss_release_buffer(&minor, &gouttoken);
        }
 
@@ -789,6 +792,10 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
        *ctxout = context;
 
 out:
+       if (result != ISC_R_SUCCESS && *outtokenp != NULL) {
+               isc_buffer_free(outtokenp);
+       }
+
        if (result != ISC_R_SUCCESS && context != GSS_C_NO_CONTEXT) {
                (void)gss_delete_sec_context(&minor, &context, NULL);
        }

diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 7f39fbdd31722c2f3e481d71bd78c55ecaa1ecef..9eba35078adf27424397379186d5f547cd196db3 100644 (file)
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -546,13 +546,10 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
                                      &intoken, &outtoken, &gss_ctx, principal,
                                      tctx->mctx);
        if (result != ISC_R_SUCCESS) {
-               if (tsigkey != NULL) {
-                       dns_tsigkey_detach(&tsigkey);
-               }
                tkeyout->error = dns_tsigerror_badkey;
-               tkey_log("process_gsstkey(): dns_tsigerror_badkey"); /* XXXSRA
-                                                                     */
-               return (ISC_R_SUCCESS);
+               tkey_log("process_gsstkey(): dns_tsigerror_badkey");
+               result = ISC_R_SUCCESS;
+               goto failure;
        }
 
        /*
@@ -564,9 +561,11 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
        isc_stdtime_get(&now);
 
        if (dns_name_countlabels(principal) == 0U) {
-               if (tsigkey != NULL) {
-                       dns_tsigkey_detach(&tsigkey);
-               }
+               tkeyout->error = dns_tsigerror_badkey;
+               tkey_log("process_gsstkey(): "
+                        "completed context with empty principal");
+               result = ISC_R_SUCCESS;
+               goto failure;
        } else if (tsigkey == NULL) {
 #ifdef GSSAPI
                OM_uint32 gret, minor, lifetime;
@@ -645,10 +644,10 @@ failure:
                isc_buffer_free(&outtoken);
        }
 
-       tkey_log("process_gsstkey(): %s", isc_result_totext(result)); /* XXXSRA
-                                                                      */
-
-       return (result);
+       if (result != ISC_R_SUCCESS) {
+               tkey_log("process_gsstkey(): %s", isc_result_totext(result));
+       }
+       return result;
 }
 
 static isc_result_t