[30981] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix PKINIT memory leaks
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Mar 23 00:26:26 2021
Date: Tue, 23 Mar 2021 00:26:21 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202103230426.12N4QLUO002174@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/aee8a823db095eda5842420e917fe7a664a0e7af
commit aee8a823db095eda5842420e917fe7a664a0e7af
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Mar 10 21:53:33 2021 -0500
Fix PKINIT memory leaks
pkinit_client_process() calls pkinit_client_profile() a second time,
leaking the values obtained the first time. Remove the call.
Commit 13ae08e70a05768d4f65978ce1a8d4e16fec0d35 introduced more
possibilities for process_option_identity() to return failure after it
filled in some fields. PKCS11 option parsing already prevents leaks
by freeing old values before setting new ones; do so in the other
option-parsing functions as well.
ticket: 8991 (new)
src/plugins/preauth/pkinit/pkinit_clnt.c | 2 --
src/plugins/preauth/pkinit/pkinit_identity.c | 5 +++++
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index b6266b4..e2f8154 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -1105,8 +1105,6 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata,
_("No pkinit_anchors supplied"));
return KRB5_PREAUTH_FAILED;
}
- pkinit_client_profile(context, plgctx, reqctx, cb, rock,
- &request->server->realm);
/* Pull in PINs and passwords for identities which we deferred
* loading earlier. */
retval = pkinit_client_parse_answers(context, moddata, modreq,
diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
index 4c8e843..62b2cf7 100644
--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -333,6 +333,8 @@ parse_fs_options(krb5_context context,
if (key_filename == NULL)
goto cleanup;
+ free(idopts->cert_filename);
+ free(idopts->key_filename);
idopts->cert_filename = cert_filename;
idopts->key_filename = key_filename;
cert_filename = key_filename = NULL;
@@ -355,10 +357,12 @@ parse_pkcs12_options(krb5_context context,
if (residual == NULL || residual[0] == '\0')
return 0;
+ free(idopts->cert_filename);
idopts->cert_filename = strdup(residual);
if (idopts->cert_filename == NULL)
goto cleanup;
+ free(idopts->key_filename);
idopts->key_filename = strdup(residual);
if (idopts->key_filename == NULL)
goto cleanup;
@@ -438,6 +442,7 @@ process_option_identity(krb5_context context,
break;
#endif
case IDTYPE_DIR:
+ free(idopts->cert_filename);
idopts->cert_filename = strdup(residual);
if (idopts->cert_filename == NULL)
retval = ENOMEM;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
