diff options
| author | Chris Love <cjlove@san.rr.com> | 2010-10-13 19:45:07 -0700 |
|---|---|---|
| committer | Chris Love <cjlove@san.rr.com> | 2010-10-13 19:45:07 -0700 |
| commit | 4aed303fe6fe4f743ab401f6fafa1c161060c57b (patch) | |
| tree | 778c02773e91b3cf066b5e5bf0cf50880de24427 /usr | |
| parent | e5f4d43e3fa0e37ce1873d5e19770f8a8bb9b826 (diff) | |
| download | illumos-joyent-4aed303fe6fe4f743ab401f6fafa1c161060c57b.tar.gz | |
171 adt_get_mask_from_user frees memory before it's used
172 duplicate free in gss_accept_sec_context
173 duplicate free in spnego_gss_accept_sec_context
Reviewed by: gordon.w.ross@gmail.com
Reviewed by: garrett@nexenta.com
Approved by: garrett@nexenta.com
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c | 2 | ||||
| -rw-r--r-- | usr/src/lib/libbsm/common/adt.c | 3 | ||||
| -rw-r--r-- | usr/src/lib/libgss/g_accept_sec_context.c | 7 |
3 files changed, 5 insertions, 7 deletions
diff --git a/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c b/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c index 72884ce672..472199adae 100644 --- a/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c +++ b/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c @@ -1248,7 +1248,7 @@ make_NegHints(OM_uint32 *minor_status, &hintNameBuf, &hintNameType); if (major_status != GSS_S_COMPLETE) { - gss_release_name(&minor, &hintName); + gss_release_name(&minor, &hintKerberosName); return (major_status); } gss_release_name(&minor, &hintKerberosName); diff --git a/usr/src/lib/libbsm/common/adt.c b/usr/src/lib/libbsm/common/adt.c index 0fa5428f89..8c7b299e32 100644 --- a/usr/src/lib/libbsm/common/adt.c +++ b/usr/src/lib/libbsm/common/adt.c @@ -204,11 +204,12 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask) free(pwd_buff); return (-1); } - free(pwd_buff); if (au_user_mask(pwd.pw_name, mask)) { + free(pwd_buff); errno = EFAULT; /* undetermined failure */ return (-1); } + free(pwd_buff); } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) { return (-1); } diff --git a/usr/src/lib/libgss/g_accept_sec_context.c b/usr/src/lib/libgss/g_accept_sec_context.c index 00da05bb1c..7858f5670f 100644 --- a/usr/src/lib/libgss/g_accept_sec_context.c +++ b/usr/src/lib/libgss/g_accept_sec_context.c @@ -223,6 +223,8 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ * First call the mechanism specific display_name() * then call gss_import_name() to create * the union name struct cast to src_name + * NB: __gss_convert_name_to_union_name will + * "consume" (free) the name. */ if (internal_name != NULL) { temp_status = __gss_convert_name_to_union_name( @@ -235,11 +237,6 @@ gss_cred_id_t *d_cred; /* delegated cred handle */ (void) gss_release_buffer( &t_minstat, output_token); - if (internal_name != GSS_C_NO_NAME) - mech->gss_release_name( - mech->context, - &t_minstat, - &internal_name); return (temp_status); } if (src_name != NULL) { |