42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 390c515e13dffc8c00b44623cba47e27c2f20cf7 Mon Sep 17 00:00:00 2001
|
|
From: Greg Hudson <ghudson@mit.edu>
|
|
Date: Tue, 27 Mar 2018 10:36:05 -0400
|
|
Subject: [PATCH] Fix SPAKE memory leak
|
|
|
|
In the NIST group implementations, ossl_fini() needs to free the
|
|
groupdata container as well as its fields. Also in
|
|
spake_kdc.c:parse_data(), initialize the magic field of the resulting
|
|
data object to avoid a harmless uninitialized memory copy.
|
|
|
|
ticket: 8647
|
|
(cherry picked from commit 70b88b8018658e052d6eabf06f8fdad17fbe993c)
|
|
---
|
|
src/plugins/preauth/spake/openssl.c | 1 +
|
|
src/plugins/preauth/spake/spake_kdc.c | 1 +
|
|
2 files changed, 2 insertions(+)
|
|
|
|
diff --git a/src/plugins/preauth/spake/openssl.c b/src/plugins/preauth/spake/openssl.c
|
|
index b821a9158..f2e4b53ec 100644
|
|
--- a/src/plugins/preauth/spake/openssl.c
|
|
+++ b/src/plugins/preauth/spake/openssl.c
|
|
@@ -69,6 +69,7 @@ ossl_fini(groupdata *gd)
|
|
EC_POINT_free(gd->N);
|
|
BN_CTX_free(gd->ctx);
|
|
BN_free(gd->order);
|
|
+ free(gd);
|
|
}
|
|
|
|
static krb5_error_code
|
|
diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
|
|
index c1723ebaf..59e88409e 100644
|
|
--- a/src/plugins/preauth/spake/spake_kdc.c
|
|
+++ b/src/plugins/preauth/spake/spake_kdc.c
|
|
@@ -75,6 +75,7 @@ parse_data(struct k5input *in, krb5_data *out)
|
|
{
|
|
out->length = k5_input_get_uint32_be(in);
|
|
out->data = (char *)k5_input_get_bytes(in, out->length);
|
|
+ out->magic = KV5M_DATA;
|
|
}
|
|
|
|
/* Parse a received cookie into its components. The pointers stored in the
|