[17231] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: [PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with

daemon@ATHENA.MIT.EDU (Kevin Wasserman)
Wed Sep 28 17:41:25 2011

Message-ID: <SNT101-DS1716FE0A86E42F3FC3BA43B5F10@phx.gbl>
From: "Kevin Wasserman" <krwasserman@hotmail.com>
To: "Nico Williams" <nico@cryptonector.com>,
   "Sam Hartman" <hartmans@painless-security.com>
In-Reply-To: <CAK3OfOiKoNvGSG=hv0=iSHmBu8Yw8xFqWO60y9CmNLpAV1KEOQ@mail.gmail.com>
Date: Wed, 28 Sep 2011 17:37:43 -0400
MIME-Version: 1.0
Cc: kevin.wasserman@painless-security.com, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Yes, sorry, I was just trying to consistently use gssalloc with all
gss_buffer_t; I'll fix the gss_sample applications to just use
malloc/free/gss_release_buffer as appropriate.

-Kevin

-----Original Message----- 
From: Nico Williams
Sent: Wednesday, September 28, 2011 5:03 PM
To: Sam Hartman
Cc: krbdev@mit.edu ; kevin.wasserman@painless-security.com
Subject: Re: [PATCH 4/4] Use gssalloc_malloc()/gssalloc_free() with 
gss_buffer_t.

On Wed, Sep 28, 2011 at 2:50 PM, Sam Hartman
<hartmans@painless-security.com> wrote:
> From: Kevin Wasserman <kevin.wasserman@painless-security.com>
>
> gss_buffer_t may be freed in a different module from where they
> are allocated so it is not safe to use malloc/free.
>
> Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
...


> diff --git a/src/appl/gss-sample/gss-client.c 
> b/src/appl/gss-sample/gss-client.c
> index 1cb797d..927681f 100644
> --- a/src/appl/gss-sample/gss-client.c
> +++ b/src/appl/gss-sample/gss-client.c
> @@ -65,6 +65,7 @@
>
>  #include <gssapi/gssapi_generic.h>
>  #include <gssapi/gssapi_krb5.h>
> +#include <gssapi/gssapi_alloc.h>
>  #include <gssapi/gssapi_ext.h>
>  #include "gss-misc.h"
>  #include "port-sockets.h"
> @@ -308,7 +309,7 @@ client_establish_context(int s, char *service_name, 
> OM_uint32 gss_flags,
>                                             NULL);  /* time_rec */
>
>             if (token_ptr != GSS_C_NO_BUFFER)
> -                free(recv_tok.value);
> +                gssalloc_free(recv_tok.value);

Er, no, none of the apps should be using new functions, only
gss_release_buffer() when they were free()ing (or, free() when they
were using gss_release_buffer() for application-allocated buffers).

Nico
-- 

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
home help back first fref pref prev next nref lref last post