[30247] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix OTP secret file leak and whitespace removal
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jun 28 00:52:53 2018
Date: Thu, 28 Jun 2018 00:52:45 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201806280452.w5S4qj8C018736@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/396c736c0add2e13f4a9aaaefc9c86445b701953
commit 396c736c0add2e13f4a9aaaefc9c86445b701953
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Jun 26 12:47:10 2018 -0400
Fix OTP secret file leak and whitespace removal
In read_secret_file() in the OTP kdcpreauth module, add a cleanup
label and free filename on exit. Also fix the whitespace stripping
code to correctly find the end offset, and use size_t rather than int
offsets. The leak was reported by Bean Zhang.
ticket: 8704
tags: pullup
target_version: 1.16-next
target_version: 1.15-next
src/plugins/preauth/otp/otp_state.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
index 93ba6c0..acdbca9 100644
--- a/src/plugins/preauth/otp/otp_state.c
+++ b/src/plugins/preauth/otp/otp_state.c
@@ -84,23 +84,23 @@ read_secret_file(const char *secret_file, char **secret)
{
char buf[MAX_SECRET_LEN];
krb5_error_code retval;
- char *filename;
+ char *filename = NULL;
FILE *file;
- int i, j;
+ size_t i, j;
*secret = NULL;
retval = k5_path_join(KDC_DIR, secret_file, &filename);
if (retval != 0) {
com_err("otp", retval, "Unable to resolve secret file '%s'", filename);
- return retval;
+ goto cleanup;
}
file = fopen(filename, "r");
if (file == NULL) {
retval = errno;
com_err("otp", retval, "Unable to open secret file '%s'", filename);
- return retval;
+ goto cleanup;
}
if (fgets(buf, sizeof(buf), file) == NULL)
@@ -108,7 +108,7 @@ read_secret_file(const char *secret_file, char **secret)
fclose(file);
if (retval != 0) {
com_err("otp", retval, "Unable to read secret file '%s'", filename);
- return retval;
+ goto cleanup;
}
/* Strip whitespace. */
@@ -116,12 +116,15 @@ read_secret_file(const char *secret_file, char **secret)
if (!isspace(buf[i]))
break;
}
- for (j = strlen(buf) - i; j > 0; j--) {
+ for (j = strlen(buf); j > i; j--) {
if (!isspace(buf[j - 1]))
break;
}
*secret = k5memdup0(&buf[i], j - i, &retval);
+
+cleanup:
+ free(filename);
return retval;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
