Blame SOURCES/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch
|
|
458df0 |
From 0c886210b7a740744e8319b3987845f2c27261e1 Mon Sep 17 00:00:00 2001
|
|
|
458df0 |
From: Simo Sorce <simo@redhat.com>
|
|
|
458df0 |
Date: Thu, 27 Aug 2020 15:35:40 -0400
|
|
|
458df0 |
Subject: [PATCH] Always free ciphertext data in gp_encrypt_buffer
|
|
|
458df0 |
|
|
|
458df0 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
458df0 |
[rharwood@redhat.com: rewrote commit message]
|
|
|
458df0 |
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
458df0 |
(cherry picked from commit fe9e3c29caab90daf19028fb31ff28622d8708a9)
|
|
|
458df0 |
---
|
|
|
458df0 |
proxy/src/gp_export.c | 7 +++----
|
|
|
458df0 |
1 file changed, 3 insertions(+), 4 deletions(-)
|
|
|
458df0 |
|
|
|
458df0 |
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
|
|
|
458df0 |
index a5681c0..fb2f81b 100644
|
|
|
458df0 |
--- a/proxy/src/gp_export.c
|
|
|
458df0 |
+++ b/proxy/src/gp_export.c
|
|
|
458df0 |
@@ -308,10 +308,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
|
|
|
458df0 |
ret = gp_conv_octet_string(enc_handle.ciphertext.length,
|
|
|
458df0 |
enc_handle.ciphertext.data,
|
|
|
458df0 |
out);
|
|
|
458df0 |
- if (ret) {
|
|
|
458df0 |
- free(enc_handle.ciphertext.data);
|
|
|
458df0 |
- goto done;
|
|
|
458df0 |
- }
|
|
|
458df0 |
+ /* the conversion function copies the data, so free our copy
|
|
|
458df0 |
+ * unconditionally, or we leak */
|
|
|
458df0 |
+ free(enc_handle.ciphertext.data);
|
|
|
458df0 |
|
|
|
458df0 |
done:
|
|
|
458df0 |
free(padded);
|