File 0128-Fix-two-unlikely-memory-leaks.patch of Package krb5.34410

From 44e5e8343a673dcd9b396d523b1cb670d5be07e3 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 5 Mar 2024 19:53:07 -0500
Subject: [PATCH] Fix two unlikely memory leaks

In gss_krb5int_make_seal_token_v3(), one of the bounds checks (which
could probably never be triggered) leaks plain.data.  Fix this leak
and use current practices for cleanup throughout the function.

In xdr_rmtcallres() (unused within the tree and likely elsewhere),
store port_ptr into crp->port_ptr as soon as it is allocated;
otherwise it could leak if the subsequent xdr_u_int32() operation
fails.

(cherry picked from commit c5f9c816107f70139de11b38aa02db2f1774ee0d)
---
 src/lib/gssapi/krb5/k5sealv3.c | 5 ++++-
 src/lib/rpc/pmap_rmt.c         | 9 +++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index e4c2c2f8f0..7e4de86c8c 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -194,8 +194,11 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
             return err;
 
         err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
-        if (err)
+        if (err) {
+            free(plain.data);
+            plain.data = 0;
             goto error;
+        }
 
         assert(cksumsize <= 0xffff);
 
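Review bot: The leak fix is inlined at this one `goto error` rather than at the `error` label, so it covers only the krb5_c_checksum_length() failure; any other exit taken while plain.data is still allocated would need the same two lines. The function begins and ends outside the hunk, so whether such exits exist cannot be confirmed here, but the commit message describes cleanup being reworked throughout the function while this hunk changes a single path. If the label is reachable from several places, initialising plain.data to NULL and calling `free(plain.data);` once at `error` would be more robust. Separately, the `assert(cksumsize <= 0xffff);` that follows is the only visible bound on cksumsize and is compiled out under NDEBUG; a comment such as `/* bound is enforced only in builds without NDEBUG */` would record that.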
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index 10d9e3f62b..2935495cf4 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -162,11 +162,12 @@ xdr_rmtcallres(
 	caddr_t port_ptr;
 
 	port_ptr = (caddr_t)(void *)crp->port_ptr;
-	if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t),
-	    xdr_u_int32) && xdr_u_int32(xdrs, &crp->resultslen)) {
-		crp->port_ptr = (uint32_t *)(void *)port_ptr;
+	if (!xdr_reference(xdrs, &port_ptr, sizeof (uint32_t),
+			   (xdrproc_t)xdr_u_int32))
+		return (FALSE);
+	crp->port_ptr = (uint32_t *)(void *)port_ptr;
+	if (xdr_u_int32(xdrs, &crp->resultslen))
 		return ((*(crp->xdr_results))(xdrs, crp->results_ptr));
-	}
 	return (FALSE);
 }
 
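Review bot: The early `return (FALSE);` after xdr_reference() still skips the store into crp->port_ptr, so a buffer that xdr_reference() allocated before failing would be lost on that path. xdr_reference() is not shown here; if it can allocate `port_ptr` while decoding and then fail on the value itself, the leak this change targets remains for that case. Saving the result and assigning unconditionally would close it: `ok = xdr_reference(xdrs, &port_ptr, sizeof (uint32_t), (xdrproc_t)xdr_u_int32);`, then `crp->port_ptr = (uint32_t *)(void *)port_ptr;`, then `if (!ok) return (FALSE);`. A short comment stating that the caller must release crp->port_ptr after a FALSE return would also help, since the function now leaves it set on failure. The start of the function lies outside the hunk.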
-- 
2.45.2
