gssproxy/SOURCES/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch
2021-10-08 11:40:13 +00:00

33 lines
1.2 KiB
Diff

From ccac7b766cd871aa0baeaebd697b386a47c28812 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 27 Aug 2020 15:35:40 -0400
Subject: [PATCH] Always free ciphertext data in gp_encrypt_buffer
Signed-off-by: Simo Sorce <simo@redhat.com>
[rharwood@redhat.com: rewrote commit message]
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit fe9e3c29caab90daf19028fb31ff28622d8708a9)
(cherry picked from commit d9a37354c9a040b151fbd737b84b7cacb315ec9d)
---
src/gp_export.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/gp_export.c b/src/gp_export.c
index a5681c0..fb2f81b 100644
--- a/src/gp_export.c
+++ b/src/gp_export.c
@@ -308,10 +308,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
ret = gp_conv_octet_string(enc_handle.ciphertext.length,
enc_handle.ciphertext.data,
out);
- if (ret) {
- free(enc_handle.ciphertext.data);
- goto done;
- }
+ /* the conversion function copies the data, so free our copy
+ * unconditionally, or we leak */
+ free(enc_handle.ciphertext.data);
done:
free(padded);