From 0eb1e9eff91dbd080114e956155e03d29c401ac4 Mon Sep 17 00:00:00 2001 From: Karl Ramm Date: Sun, 29 Sep 2013 19:48:43 -0400 Subject: ZCheckSrvAuthentication: free the auth context and the authenticator way earlier --- server/kstuff.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/server/kstuff.c b/server/kstuff.c index bafd648..5e4cf87 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -441,28 +441,26 @@ ZCheckSrvAuthentication(ZNotice_t *notice, /* HOLDING: authctx, authenticator */ result = krb5_auth_con_getkey(Z_krb5_ctx, authctx, &keyblock); + krb5_auth_con_free(Z_krb5_ctx, authctx); + krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); if (result) { - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); syslog(LOG_WARNING, "ZCheckSrvAuthentication: krb5_auth_con_getkey failed: %s", error_message(result)); return (ZAUTH_FAILED); } - /* HOLDING: authctx, authenticator, keyblock */ + /* HOLDING: keyblock */ /* Figure out what checksum type to use */ key_data = Z_keydata(keyblock); key_len = Z_keylen(keyblock); result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype); if (result) { krb5_free_keyblock(Z_krb5_ctx, keyblock); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); syslog(LOG_WARNING, "ZCheckSrvAuthentication: Z_ExtractEncCksum failed: %s", error_message(result)); return (ZAUTH_FAILED); } - /* HOLDING: authctx, authenticator, keyblock */ + /* HOLDING: keyblock */ if (realm == NULL) ZSetSession(keyblock); @@ -531,8 +529,6 @@ ZCheckSrvAuthentication(ZNotice_t *notice, our_checksum = compute_rlm_checksum(notice, key_data); krb5_free_keyblock(Z_krb5_ctx, keyblock); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); if (our_checksum == notice->z_checksum) { return ZAUTH_YES; @@ -542,18 +538,16 @@ ZCheckSrvAuthentication(ZNotice_t *notice, } } - /* HOLDING: authctx, authenticator */ + /* HOLDING: keyblock */ cksumbuf.length = cksum0_len + cksum1_len + cksum2_len; cksumbuf.data = malloc(cksumbuf.length); if (!cksumbuf.data) { krb5_free_keyblock(Z_krb5_ctx, keyblock); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); syslog(LOG_ERR, "ZCheckSrvAuthentication: malloc(cksumbuf.data): %m"); return ZAUTH_FAILED; } - /* HOLDING: authctx, authenticator, cksumbuf.data */ + /* HOLDING: keyblock, cksumbuf.data */ cksum_data = (unsigned char *)cksumbuf.data; memcpy(cksum_data, cksum0_base, cksum0_len); @@ -568,26 +562,22 @@ ZCheckSrvAuthentication(ZNotice_t *notice, asn1_data = malloc(asn1_len); if (!asn1_data) { krb5_free_keyblock(Z_krb5_ctx, keyblock); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); free(cksumbuf.data); syslog(LOG_ERR, "ZCheckSrvAuthentication: malloc(asn1_data): %m"); return ZAUTH_FAILED; } - /* HOLDING: authctx, authenticator, cksumbuf.data, asn1_data */ + /* HOLDING: keyblock, cksumbuf.data, asn1_data */ result = ZReadZcode((unsigned char *)notice->z_ascii_checksum, asn1_data, asn1_len, &asn1_len); if (result != ZERR_NONE) { krb5_free_keyblock(Z_krb5_ctx, keyblock); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); free(asn1_data); free(cksumbuf.data); syslog(LOG_WARNING, "ZCheckSrvAuthentication: ZReadZcode: %s", error_message(result)); return ZAUTH_FAILED; } - /* HOLDING: asn1_data, cksumbuf.data, authctx, authenticator */ + /* HOLDING: asn1_data, cksumbuf.data */ valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype, Z_KEYUSAGE_CLT_CKSUM, @@ -600,8 +590,6 @@ ZCheckSrvAuthentication(ZNotice_t *notice, asn1_data, asn1_len); free(asn1_data); - krb5_auth_con_free(Z_krb5_ctx, authctx); - krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT); krb5_free_keyblock(Z_krb5_ctx, keyblock); free(cksumbuf.data); -- cgit v1.2.3