From 27ca1f267898c031020ab0f419c12cb3c307a1f8 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Tue, 27 Mar 2018 13:55:07 -0400
Subject: [PATCH] Fix SPAKE memory leak

Also fix build problem

---
 Fix-SPAKE-memory-leak.patch | 41 +++++++++++++++++++++++++++++++++++++
 krb5.spec | 7 ++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 Fix-SPAKE-memory-leak.patch

diff --git a/Fix-SPAKE-memory-leak.patch b/Fix-SPAKE-memory-leak.patch
new file mode 100644
index 0000000..c631a97
--- /dev/null
+++ b/Fix-SPAKE-memory-leak.patch
@@ -0,0 +1,41 @@
+From 9bfd14df2d6458dfef8d1a17af5247af21183e3d Mon Sep 17 00:00:00 2001
+From: Greg Hudson
+Date: Tue, 27 Mar 2018 10:36:05 -0400
+Subject: [PATCH] Fix SPAKE memory leak
+
+In the NIST group implementations, ossl_fini() needs to free the
+groupdata container as well as its fields. Also in
+spake_kdc.c:parse_data(), initialize the magic field of the resulting
+data object to avoid a harmless uninitialized memory copy.
+
+ticket: 8647
+(cherry picked from commit 70b88b8018658e052d6eabf06f8fdad17fbe993c)
+---
+ src/plugins/preauth/spake/openssl.c | 1 +
+ src/plugins/preauth/spake/spake_kdc.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/plugins/preauth/spake/openssl.c b/src/plugins/preauth/spake/openssl.c
+index b821a9158..f2e4b53ec 100644
+--- a/src/plugins/preauth/spake/openssl.c
++++ b/src/plugins/preauth/spake/openssl.c
+@@ -69,6 +69,7 @@ ossl_fini(groupdata *gd)
+ EC_POINT_free(gd->N);
+ BN_CTX_free(gd->ctx);
+ BN_free(gd->order);
++ free(gd);
+ }
+
+ static krb5_error_code
+diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
+index c1723ebaf..59e88409e 100644
+--- a/src/plugins/preauth/spake/spake_kdc.c
++++ b/src/plugins/preauth/spake/spake_kdc.c
+@@ -75,6 +75,7 @@ parse_data(struct k5input *in, krb5_data *out)
+ {
+ out->length = k5_input_get_uint32_be(in);
+ out->data = (char *)k5_input_get_bytes(in, out->length);
++ out->magic = KV5M_DATA;
+ }
+
+ /* Parse a received cookie into its components. The pointers stored in the
diff --git a/krb5.spec b/krb5.spec
index 9ba2b88..0f79518 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.16
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 16%{?dist}
+Release: 17%{?dist}
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
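Review bot: The added `free(gd)` at the end of ossl_fini changes the ownership contract of the function, which now releases the groupdata container as well as its fields, so any caller that still frees gd after calling ossl_fini would double free; the callers are outside this hunk and should be checked against the new rule. A one-line comment above the function would make that contract visible, e.g. `/* Release every field of gd and then gd itself; gd is invalid on return. */`. The parse_data change only tags the result with KV5M_DATA and does not alter how length and data are read from the input. Both ossl_fini and parse_data begin outside the quoted context.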
@@ -85,6 +85,7 @@ Patch58: Implement-k5_buf_init_dynamic_zap.patch
 Patch59: Use-k5_buf_init_dynamic_zap-where-appropriate.patch
 Patch60: Add-SPAKE-preauth-support.patch
 Patch61: Add-doc-index-entries-for-SPAKE-constants.patch
+Patch62: Fix-SPAKE-memory-leak.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -685,6 +686,7 @@ exit 0
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
 %{_libdir}/krb5/plugins/tls/k5tls.so
+%{_libdir}/krb5/plugins/preauth/spake.so
 %dir %{_var}/kerberos
 %dir %{_var}/kerberos/krb5
 %dir %{_var}/kerberos/krb5/user
@@ -734,6 +736,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 %changelog
+* Tue Mar 27 2018 Robbie Harwood - 1.16-17
+- Fix SPAKE memory leak
+
 * Tue Mar 27 2018 Robbie Harwood - 1.16-16
 - Fix gitignore problem with previous patchset
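Review bot: Patch62 is only declared in this hunk; whether it is actually applied depends on the %prep section, which is outside the quoted context. If the spec applies patches with explicit `%patchN -p1` lines rather than %autosetup, a matching `%patch62 -p1` entry is needed for the fix to reach the build. The %files addition of `%{_libdir}/krb5/plugins/preauth/spake.so` in the following hunk presumably lists the plugin introduced by Patch60, which I cannot confirm from these lines.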