[2648] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

pending/357:

daemon@ATHENA.MIT.EDU (Patrick Powell)
Mon Jan 27 14:37:42 1997

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, papowell@dickory.sdsu.edu
Date: Mon, 27 Jan 1997 11:34:51 -0800 (PST)
From: Patrick Powell <papowell@dickory.sdsu.edu>
Reply-To: papowell@dickory.sdsu.edu
To: krb5-bugs@MIT.EDU


>Number:         357
>Category:       pending
>Synopsis:       
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Mon Jan 27 14:37:01 EST 1997
>Last-Modified:
>Originator:     Patrick Powell
>Organization:
Prof. Patrick Powell
Dept. Electrical and Computer Engineering,
San Diego State University,
San Diego, CA 92182-1309
Office (619) 594-7796; Lab (619) 594-7578 FAX (619) 594-7577
email: papowell@sdsu.edu
>Release:        1.0
>Environment:
	<machine, os, target, libraries (multiple lines)>
System: SunOS dickory 4.1.4 2 sun4m
Architecture: sun4

>Description:
	<precise description of the problem (multiple lines)>
src/lib/krb5/krb/sendauth.b

krb5_sendauth(context, auth_context,
          /* IN */
          fd, appl_version, client, server, ap_req_options, in_data,
          in_creds,
          /* IN/OUT */
          ccache,
          /* OUT */
          error, rep_result, out_creds)
        krb5_context          context;
        krb5_auth_context       * auth_context;
    krb5_pointer          fd;
    char            * appl_version;
    krb5_principal        client;
    krb5_principal        server;
    krb5_flags        ap_req_options;
    krb5_data       * in_data;
    krb5_creds      * in_creds;
    krb5_ccache       ccache;
    krb5_error             ** error;
    krb5_ap_rep_enc_part   ** rep_result;
    krb5_creds         ** out_creds;

out_creds is used to return the credentials to the caller.
At the end of the routine, we have the following:

    retval = 0;     /* Normal return */
    if (out_creds) {
        *out_creds = credsp;      <--- returned to user value 
    }

error_return:
    krb5_free_cred_contents(context, &creds);
    if (credspout)          <<<<<<<<<<<<<<<<<<<<
    krb5_free_creds(context, credspout); <<<<<<<< whoops! we free this.
    if (!ccache && use_ccache)
    krb5_cc_close(context, use_ccache);
    return(retval);
}

We should not free the credentials if they are returned.

>How-To-Repeat:
	<code/input/activities to reproduce the problem (multiple lines)>
>Fix:
	<how to correct or work around the problem, if known (multiple lines)>

*** sendauth.c	Mon Jan 27 11:28:12 1997
--- sendauth.c.orig	Mon Jan 27 11:28:09 1997
***************
*** 218,224 ****
  
  error_return:
      krb5_free_cred_contents(context, &creds);
!     if ( !out_creds && credspout)
  	krb5_free_creds(context, credspout); 
      if (!ccache && use_ccache)
  	krb5_cc_close(context, use_ccache);
--- 218,224 ----
  
  error_return:
      krb5_free_cred_contents(context, &creds);
!     if (credspout)
  	krb5_free_creds(context, credspout); 
      if (!ccache && use_ccache)
  	krb5_cc_close(context, use_ccache);
>Audit-Trail:
>Unformatted:
no
krb5_sendauth frees credentials even when returned to user
critical
high
krb5-libs
sw-bug

home help back first fref pref prev next nref lref last post