The branch, master has been updated
via a6c5747... heimdal - remove unused variable
via dc5e0d8... heimdal - fix overlapped identifiers in the "krb5"
library
via 973001e... heimdal - free always "ctx->password" when it isn't
needed anymore
via bdc0372... s4:auth/kerberos/kerberos.c - fix also here a memory leak
via 36175be... libcli/auth/schannel_state_tdb.c - fix a memory leak
via 4c29a4e... s4:wb_cmd_getgroups - fix failure in s4 winbind's
"getgroups"
from c323629... s4-smbtorture: use random buffer for extended SetValue
test in RPC-WINREG.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a6c57472ab144eb6d77cc85f56d7bd3152146b1d
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 17:07:04 2010 +0100
heimdal - remove unused variable
commit dc5e0d84641173b7f710f0a735970f5dd2c27d38
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 16:53:39 2010 +0100
heimdal - fix overlapped identifiers in the "krb5" library
commit 973001e91a3988f4338f88599acbf4ab8978e1c9
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 16:26:25 2010 +0100
heimdal - free always "ctx->password" when it isn't needed anymore
"strdup" does always create a new object in the memory (through "malloc")
which
needs to be freed if it isn't used anymore.
commit bdc0372f8a6116b3be7cd8bd6d398c0f1929ae68
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 16:29:46 2010 +0100
s4:auth/kerberos/kerberos.c - fix also here a memory leak
The options need to be freed also on this error case.
commit 36175be5d4dbbd1545db4ac7de98d9293b897188
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 16:23:57 2010 +0100
libcli/auth/schannel_state_tdb.c - fix a memory leak
commit 4c29a4e12683a6826104f5974a86d07fb6346266
Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de>
Date: Tue Mar 16 16:00:34 2010 +0100
s4:wb_cmd_getgroups - fix failure in s4 winbind's "getgroups"
-----------------------------------------------------------------------
Summary of changes:
libcli/auth/schannel_state_tdb.c | 1 +
source4/auth/kerberos/kerberos.c | 1 +
source4/heimdal/lib/krb5/crypto.c | 6 +++---
source4/heimdal/lib/krb5/get_cred.c | 1 -
source4/heimdal/lib/krb5/init_creds_pw.c | 8 +++++---
source4/heimdal/lib/krb5/pkinit.c | 12 ++++++------
source4/winbind/wb_cmd_getgroups.c | 2 +-
7 files changed, 17 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index d1e5ed0..c1557e8 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -223,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_wrap
*tdb_sc,
done:
talloc_free(keystr);
+ SAFE_FREE(value.dptr);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(creds);
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 8df54cc..d4549ee 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -100,6 +100,7 @@
if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal,
password,
NULL,
NULL, 0, NULL, options))) {
+ krb5_get_init_creds_opt_free(ctx, options);
return code;
}
diff --git a/source4/heimdal/lib/krb5/crypto.c
b/source4/heimdal/lib/krb5/crypto.c
index 8cc7b06..745c856 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -2043,13 +2043,13 @@ evp_encrypt(krb5_context context,
c = encryptp ? &ctx->ectx : &ctx->dctx;
if (ivec == NULL) {
/* alloca ? */
- size_t len = EVP_CIPHER_CTX_iv_length(c);
- void *loiv = malloc(len);
+ size_t len2 = EVP_CIPHER_CTX_iv_length(c);
+ void *loiv = malloc(len2);
if (loiv == NULL) {
krb5_clear_error_message(context);
return ENOMEM;
}
- memset(loiv, 0, len);
+ memset(loiv, 0, len2);
EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);
free(loiv);
} else
diff --git a/source4/heimdal/lib/krb5/get_cred.c
b/source4/heimdal/lib/krb5/get_cred.c
index 7072137..e921cf0 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -145,7 +145,6 @@ init_tgs_req (krb5_context context,
{
krb5_auth_context ac = NULL;
krb5_error_code ret = 0;
- krb5_keyblock *key = NULL;
memset(t, 0, sizeof(*t));
t->pvno = 5;
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c
b/source4/heimdal/lib/krb5/init_creds_pw.c
index b615f53..5901c55 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -107,6 +107,8 @@ free_init_creds_ctx(krb5_context context,
krb5_init_creds_context ctx)
free (ctx->pre_auth_types);
if (ctx->in_tkt_service)
free(ctx->in_tkt_service);
+ if (ctx->password)
+ free(ctx->password);
if (ctx->keytab_data)
free(ctx->keytab_data);
krb5_data_free(&ctx->req_buffer);
@@ -1354,7 +1356,7 @@ krb5_init_creds_set_password(krb5_context context,
const char *password)
{
if (ctx->password)
- memset(ctx->password, 0, strlen(ctx->password));
+ free(ctx->password);
if (password) {
ctx->password = strdup(password);
if (ctx->password == NULL) {
@@ -1893,7 +1895,7 @@ krb5_get_init_creds_password(krb5_context context,
if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) {
- char buf[1024];
+ char buf2[1024];
/* try to avoid recursion */
if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw")
== 0)
@@ -1906,7 +1908,7 @@ krb5_get_init_creds_password(krb5_context context,
ret = change_password (context,
client,
ctx->password,
- buf,
+ buf2,
sizeof(buf),
prompter,
data,
diff --git a/source4/heimdal/lib/krb5/pkinit.c
b/source4/heimdal/lib/krb5/pkinit.c
index f6457aa..341f6a3 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -1170,10 +1170,10 @@ pk_rd_pa_reply_enckey(krb5_context context,
/* win2k uses ContentInfo */
if (type == PKINIT_WIN2K) {
- heim_oid type;
+ heim_oid type2;
heim_octet_string out;
- ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
+ ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
if (ret) {
/* windows LH with interesting CMS packets */
size_t ph = 1 + der_length_len(content.length);
@@ -1190,19 +1190,19 @@ pk_rd_pa_reply_enckey(krb5_context context,
content.data = ptr;
content.length += ph;
- ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
+ ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
if (ret)
goto out;
}
- if (der_heim_oid_cmp(&type, &asn1_oid_id_pkcs7_signedData)) {
+ if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) {
ret = EINVAL; /* XXX */
krb5_set_error_message(context, ret,
N_("PKINIT: Invalid content type", ""));
- der_free_oid(&type);
+ der_free_oid(&type2);
der_free_octet_string(&out);
goto out;
}
- der_free_oid(&type);
+ der_free_oid(&type2);
krb5_data_free(&content);
ret = krb5_data_copy(&content, out.data, out.length);
der_free_octet_string(&out);
diff --git a/source4/winbind/wb_cmd_getgroups.c
b/source4/winbind/wb_cmd_getgroups.c
index 2262f68..d1a88b2 100644
--- a/source4/winbind/wb_cmd_getgroups.c
+++ b/source4/winbind/wb_cmd_getgroups.c
@@ -71,7 +71,7 @@ struct composite_context *wb_cmd_getgroups_send(TALLOC_CTX
*mem_ctx,
state->num_groups = 0;
state->username = talloc_strdup(state,username);
- if (composite_nomem(ctx, result)) return result;
+ if (composite_nomem(state->username, result)) return result;
ctx = wb_cmd_getpwnam_send(state, service, username);
if (composite_nomem(ctx, result)) return result;
--
Samba Shared Repository
