The branch, master has been updated via a6c5747... heimdal - remove unused variable via dc5e0d8... heimdal - fix overlapped identifiers in the "krb5" library via 973001e... heimdal - free always "ctx->password" when it isn't needed anymore via bdc0372... s4:auth/kerberos/kerberos.c - fix also here a memory leak via 36175be... libcli/auth/schannel_state_tdb.c - fix a memory leak via 4c29a4e... s4:wb_cmd_getgroups - fix failure in s4 winbind's "getgroups" from c323629... s4-smbtorture: use random buffer for extended SetValue test in RPC-WINREG.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a6c57472ab144eb6d77cc85f56d7bd3152146b1d Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 17:07:04 2010 +0100 heimdal - remove unused variable commit dc5e0d84641173b7f710f0a735970f5dd2c27d38 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 16:53:39 2010 +0100 heimdal - fix overlapped identifiers in the "krb5" library commit 973001e91a3988f4338f88599acbf4ab8978e1c9 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 16:26:25 2010 +0100 heimdal - free always "ctx->password" when it isn't needed anymore "strdup" does always create a new object in the memory (through "malloc") which needs to be freed if it isn't used anymore. commit bdc0372f8a6116b3be7cd8bd6d398c0f1929ae68 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 16:29:46 2010 +0100 s4:auth/kerberos/kerberos.c - fix also here a memory leak The options need to be freed also on this error case. commit 36175be5d4dbbd1545db4ac7de98d9293b897188 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 16:23:57 2010 +0100 libcli/auth/schannel_state_tdb.c - fix a memory leak commit 4c29a4e12683a6826104f5974a86d07fb6346266 Author: Matthias Dieter Wallnöfer <mwallnoe...@yahoo.de> Date: Tue Mar 16 16:00:34 2010 +0100 s4:wb_cmd_getgroups - fix failure in s4 winbind's "getgroups" ----------------------------------------------------------------------- Summary of changes: libcli/auth/schannel_state_tdb.c | 1 + source4/auth/kerberos/kerberos.c | 1 + source4/heimdal/lib/krb5/crypto.c | 6 +++--- source4/heimdal/lib/krb5/get_cred.c | 1 - source4/heimdal/lib/krb5/init_creds_pw.c | 8 +++++--- source4/heimdal/lib/krb5/pkinit.c | 12 ++++++------ source4/winbind/wb_cmd_getgroups.c | 2 +- 7 files changed, 17 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index d1e5ed0..c1557e8 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -223,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_wrap *tdb_sc, done: talloc_free(keystr); + SAFE_FREE(value.dptr); if (!NT_STATUS_IS_OK(status)) { talloc_free(creds); diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 8df54cc..d4549ee 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -100,6 +100,7 @@ if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password, NULL, NULL, 0, NULL, options))) { + krb5_get_init_creds_opt_free(ctx, options); return code; } diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 8cc7b06..745c856 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2043,13 +2043,13 @@ evp_encrypt(krb5_context context, c = encryptp ? &ctx->ectx : &ctx->dctx; if (ivec == NULL) { /* alloca ? */ - size_t len = EVP_CIPHER_CTX_iv_length(c); - void *loiv = malloc(len); + size_t len2 = EVP_CIPHER_CTX_iv_length(c); + void *loiv = malloc(len2); if (loiv == NULL) { krb5_clear_error_message(context); return ENOMEM; } - memset(loiv, 0, len); + memset(loiv, 0, len2); EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); free(loiv); } else diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 7072137..e921cf0 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -145,7 +145,6 @@ init_tgs_req (krb5_context context, { krb5_auth_context ac = NULL; krb5_error_code ret = 0; - krb5_keyblock *key = NULL; memset(t, 0, sizeof(*t)); t->pvno = 5; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index b615f53..5901c55 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -107,6 +107,8 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) free (ctx->pre_auth_types); if (ctx->in_tkt_service) free(ctx->in_tkt_service); + if (ctx->password) + free(ctx->password); if (ctx->keytab_data) free(ctx->keytab_data); krb5_data_free(&ctx->req_buffer); @@ -1354,7 +1356,7 @@ krb5_init_creds_set_password(krb5_context context, const char *password) { if (ctx->password) - memset(ctx->password, 0, strlen(ctx->password)); + free(ctx->password); if (password) { ctx->password = strdup(password); if (ctx->password == NULL) { @@ -1893,7 +1895,7 @@ krb5_get_init_creds_password(krb5_context context, if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) { - char buf[1024]; + char buf2[1024]; /* try to avoid recursion */ if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0) @@ -1906,7 +1908,7 @@ krb5_get_init_creds_password(krb5_context context, ret = change_password (context, client, ctx->password, - buf, + buf2, sizeof(buf), prompter, data, diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index f6457aa..341f6a3 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -1170,10 +1170,10 @@ pk_rd_pa_reply_enckey(krb5_context context, /* win2k uses ContentInfo */ if (type == PKINIT_WIN2K) { - heim_oid type; + heim_oid type2; heim_octet_string out; - ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); + ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); if (ret) { /* windows LH with interesting CMS packets */ size_t ph = 1 + der_length_len(content.length); @@ -1190,19 +1190,19 @@ pk_rd_pa_reply_enckey(krb5_context context, content.data = ptr; content.length += ph; - ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); + ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); if (ret) goto out; } - if (der_heim_oid_cmp(&type, &asn1_oid_id_pkcs7_signedData)) { + if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) { ret = EINVAL; /* XXX */ krb5_set_error_message(context, ret, N_("PKINIT: Invalid content type", "")); - der_free_oid(&type); + der_free_oid(&type2); der_free_octet_string(&out); goto out; } - der_free_oid(&type); + der_free_oid(&type2); krb5_data_free(&content); ret = krb5_data_copy(&content, out.data, out.length); der_free_octet_string(&out); diff --git a/source4/winbind/wb_cmd_getgroups.c b/source4/winbind/wb_cmd_getgroups.c index 2262f68..d1a88b2 100644 --- a/source4/winbind/wb_cmd_getgroups.c +++ b/source4/winbind/wb_cmd_getgroups.c @@ -71,7 +71,7 @@ struct composite_context *wb_cmd_getgroups_send(TALLOC_CTX *mem_ctx, state->num_groups = 0; state->username = talloc_strdup(state,username); - if (composite_nomem(ctx, result)) return result; + if (composite_nomem(state->username, result)) return result; ctx = wb_cmd_getpwnam_send(state, service, username); if (composite_nomem(ctx, result)) return result; -- Samba Shared Repository