[30187] in CVS-changelog-for-Kerberos-V5


krb5 commit [krb5-1.15]: Fix KDC encrypting key memory leak on some

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed May 2 01:33:56 2018

Date: Wed, 2 May 2018 01:26:00 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201805020526.w425Q0Ta031728@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/b294627169fba270dbd78cff5e1408a21051b266
commit b294627169fba270dbd78cff5e1408a21051b266
Author: Greg Hudson <ghudson@mit.edu>
Date:   Tue Feb 27 11:56:58 2018 -0500

    Fix KDC encrypting key memory leak on some errors
    
    Commit 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d separated the
    allocation and destruction of encrypting_key, causing it to leak when
    any of the intervening calls jump to the cleanup label.  Currently the
    leak manifests on transited or authdata failures.  Move encrypting_key
    destruction to the cleanup label so that it can't leak.  Reported by
    anedvedicky@gmail.com.
    
    (cherry picked from commit 1bcf2742d504a22b7354251bbc1e19c3dacd95f3)
    
    ticket: 8645
    version_fixed: 1.15.3

 src/kdc/do_tgs_req.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 339259f..1000a10 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -144,6 +144,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     memset(&reply_encpart, 0, sizeof(reply_encpart));
     memset(&ticket_reply, 0, sizeof(ticket_reply));
     memset(&enc_tkt_reply, 0, sizeof(enc_tkt_reply));
+    memset(&encrypting_key, 0, sizeof(encrypting_key));
     session_key.contents = NULL;
 
     retval = decode_krb5_tgs_req(pkt, &request);
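Review bot: the added memset of encrypting_key carries a dependency that is not documented at this line: the free now placed under the cleanup label is only safe on early exits because the keyblock starts out zeroed. A one-line comment next to the memset saying that cleanup relies on it would keep a later refactor from dropping the initialization and turning the leak fix into a free of uninitialized contents.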
@@ -721,8 +722,6 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 
     errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key,
                                     &ticket_reply);
-    if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
-        krb5_free_keyblock_contents(kdc_context, &encrypting_key);
     if (errcode) {
         status = "ENCRYPT_TICKET";
         goto cleanup;
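Review bot: removing the free right after krb5_encrypt_tkt_part means that on the success path the key material in encrypting_key now stays populated until the cleanup label (around line 825 by the hunk headers) instead of being released immediately after the ticket is encrypted. That is a reasonable trade for closing the leak, but it is worth a short comment at this call site saying the key is released at cleanup, so nobody re-adds a second free here.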
@@ -825,6 +824,8 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 cleanup:
     if (status == NULL)
         status = "UNKNOWN_REASON";
+    if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
+        krb5_free_keyblock_contents(kdc_context, &encrypting_key);
     if (reply_key)
         krb5_free_keyblock(kdc_context, reply_key);
     if (errcode)
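Review bot: the new guard at cleanup dereferences request->kdc_options, so every path that reaches the cleanup label must have a non-NULL request; please confirm that a failure of decode_krb5_tgs_req (first hunk) cannot jump here, or add a request != NULL check to the condition. Separately, the guard re-derives ownership of encrypting_key from the KDC_OPT_ENC_TKT_IN_SKEY flag rather than from how the keyblock was filled in; a local "owns key" boolean set at the allocation site would keep the free correct if that logic ever changes.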
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
