diff options
Diffstat (limited to 'lib/dns/spnego.c')
-rw-r--r-- | lib/dns/spnego.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 0486a72..0c1c858 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006-2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -630,8 +630,10 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, sizeof(mechbuf), &init_token.mechTypes.val[i], &mech_len); - if (ret) + if (ret) { + free_NegTokenInit(&init_token); return (GSS_S_DEFECTIVE_TOKEN); + } if (mech_len == GSS_KRB5_MECH->length && memcmp(GSS_KRB5_MECH->elements, mechbuf + sizeof(mechbuf) - mech_len, @@ -650,8 +652,10 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, } } - if (!found) + if (!found) { + free_NegTokenInit(&init_token); return (send_reject(minor_status, output_token)); + } if (i == 0 && init_token.mechToken != NULL) { ibuf.length = init_token.mechToken->length; @@ -669,12 +673,14 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, time_rec, delegated_cred_handle); if (GSS_ERROR(major_status)) { + free_NegTokenInit(&init_token); send_reject(&minor_status2, output_token); return (major_status); } ot = &obuf; } ret = send_accept(&minor_status2, output_token, ot, pref); + free_NegTokenInit(&init_token); if (ot != NULL && ot->length != 0U) gss_release_buffer(&minor_status2, ot); @@ -846,10 +852,13 @@ der_get_octet_string(const unsigned char *p, size_t len, octet_string *data, size_t *size) { data->length = len; - data->data = malloc(len); - if (data->data == NULL && data->length != 0U) - return (ENOMEM); - memcpy(data->data, p, len); + if (len != 0U) { + data->data = malloc(len); + if (data->data == NULL) + return (ENOMEM); + memcpy(data->data, p, len); + } else + data->data = NULL; if (size) *size = len; return (0); @@ -862,6 +871,8 @@ der_get_oid(const unsigned char *p, size_t len, int n; size_t oldlen = len; + data->components = NULL; + data->length = 0; if (len < 1U) return (ASN1_OVERRUN); @@ -997,6 +1008,9 @@ decode_octet_string(const unsigned char *p, size_t len, int e; size_t slen; + k->data = NULL; + k->length = 0; + e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l); if (e) return (e); @@ -1547,6 +1561,11 @@ spnego_initial(OM_uint32 *minor_status, buf_size = 1024; buf = malloc(buf_size); + if (buf == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + goto end; + } do { ret = encode_NegTokenInit(buf + buf_size - 1, @@ -1685,6 +1704,7 @@ spnego_reply(OM_uint32 *minor_status, ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL); if (ret) { + free_NegTokenResp(&resp); *minor_status = ENOMEM; return (GSS_S_FAILURE); } |