[30234] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix minor leaks in principal conversions
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jun 19 10:11:39 2018
Date: Tue, 19 Jun 2018 10:11:33 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201806191411.w5JEBX3d019781@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/971c5213f7c501d3943bc0ff8db918f1616aa35a
commit 971c5213f7c501d3943bc0ff8db918f1616aa35a
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri Jun 15 11:20:34 2018 -0400
Fix minor leaks in principal conversions
In krb5_524_conv_principal(), if the realm we read from the profile is
too long for the result buffer, free the profile value before
returning.
In krb5_425_conv_principal(), if krb5_get_realm_domain() fails, still
free any leftover allocated data using a cleanup label. The only one
that could be left over is dummy_value which we could address easily
enough within the loop, but we shouldn't sidestep the cleanup code.
Both bugs were reported by Bean Zhang.
ticket: 8695
src/lib/krb5/krb/conv_princ.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index 78fc2f4..9dc3798 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -239,8 +239,10 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
realm[compo->length] = '\0';
} else {
tmp_realm_len = strlen(tmp_realm);
- if (tmp_realm_len > REALM_SZ - 1)
+ if (tmp_realm_len > REALM_SZ - 1) {
+ profile_release_string(tmp_realm);
return KRB5_INVALID_PRINCIPAL;
+ }
strncpy(realm, tmp_realm, tmp_realm_len);
realm[tmp_realm_len] = '\0';
profile_release_string(tmp_realm);
@@ -332,7 +334,7 @@ krb5_425_conv_principal(krb5_context context, const char *name,
buf[sizeof(buf) - 1] = '\0';
retval = krb5_get_realm_domain(context, realm, &domain);
if (retval)
- return retval;
+ goto cleanup;
if (domain) {
for (cp = domain; *cp; cp++)
if (isupper((unsigned char) (*cp)))
@@ -349,6 +351,7 @@ krb5_425_conv_principal(krb5_context context, const char *name,
not_service:
retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
instance, NULL);
+cleanup:
if (iterator) profile_iterator_free (&iterator);
if (full_name) profile_free_list(full_name);
if (v4realms) profile_free_list(v4realms);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
