[31180] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.20]: Fix memory leak in OTP kdcpreauth module

daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Nov 15 11:31:59 2022

From: ghudson@mit.edu
To: <cvs-krb5@mit.edu>
Message-ID: <20221115163141.E235E1045F9@krbdev.mit.edu>
Date: Tue, 15 Nov 2022 11:31:41 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/1166f1404c47af54f3d5b2533bb001fdadf6aadc
commit 1166f1404c47af54f3d5b2533bb001fdadf6aadc
Author: Greg Hudson <ghudson@mit.edu>
Date:   Fri Jun 3 14:30:42 2022 -0400

    Fix memory leak in OTP kdcpreauth module
    
    In otp_edata(), free the generated nonce.
    
    (cherry picked from commit 5ad465bc8e0d957a4945218bea487b77622bf433)
    
    ticket: 9063
    version_fixed: 1.20.1

 src/plugins/preauth/otp/main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 119714f99..0e682aae5 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     krb5_pa_otp_challenge chl;
     krb5_pa_data *pa = NULL;
     krb5_error_code retval;
-    krb5_data *encoding;
+    krb5_data *encoding, nonce = empty_data();
     char *config;
 
     /* Determine if otp is enabled for the user. */
@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     ti.iteration_count = -1;
 
     /* Generate the nonce. */
-    retval = nonce_generate(context, armor_key->length, &chl.nonce);
+    retval = nonce_generate(context, armor_key->length, &nonce);
     if (retval != 0)
         goto out;
+    chl.nonce = nonce;
 
     /* Build the output pa-data. */
     retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     free(encoding);
 
 out:
+    krb5_free_data_contents(context, &nonce);
     (*respond)(arg, retval, pa);
 }
 
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post