Blame SOURCES/Always-free-ciphertext-data-in-gp_encrypt_buffer.patch
|
 |
9af0d9 |
From ccac7b766cd871aa0baeaebd697b386a47c28812 Mon Sep 17 00:00:00 2001
|
|
|
9af0d9 |
From: Simo Sorce <simo@redhat.com>
|
|
|
9af0d9 |
Date: Thu, 27 Aug 2020 15:35:40 -0400
|
|
|
9af0d9 |
Subject: [PATCH] Always free ciphertext data in gp_encrypt_buffer
|
|
|
9af0d9 |
|
|
|
9af0d9 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
9af0d9 |
[rharwood@redhat.com: rewrote commit message]
|
|
|
9af0d9 |
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
9af0d9 |
(cherry picked from commit fe9e3c29caab90daf19028fb31ff28622d8708a9)
|
|
|
9af0d9 |
(cherry picked from commit d9a37354c9a040b151fbd737b84b7cacb315ec9d)
|
|
|
9af0d9 |
---
|
|
|
9af0d9 |
src/gp_export.c | 7 +++----
|
|
|
9af0d9 |
1 file changed, 3 insertions(+), 4 deletions(-)
|
|
|
9af0d9 |
|
|
|
9af0d9 |
diff --git a/src/gp_export.c b/src/gp_export.c
|
|
|
9af0d9 |
index a5681c0..fb2f81b 100644
|
|
|
9af0d9 |
--- a/src/gp_export.c
|
|
|
9af0d9 |
+++ b/src/gp_export.c
|
|
|
9af0d9 |
@@ -308,10 +308,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
|
|
|
9af0d9 |
ret = gp_conv_octet_string(enc_handle.ciphertext.length,
|
|
|
9af0d9 |
enc_handle.ciphertext.data,
|
|
|
9af0d9 |
out);
|
|
|
9af0d9 |
- if (ret) {
|
|
|
9af0d9 |
- free(enc_handle.ciphertext.data);
|
|
|
9af0d9 |
- goto done;
|
|
|
9af0d9 |
- }
|
|
|
9af0d9 |
+ /* the conversion function copies the data, so free our copy
|
|
|
9af0d9 |
+ * unconditionally, or we leak */
|
|
|
9af0d9 |
+ free(enc_handle.ciphertext.data);
|
|
|
9af0d9 |
|
|
|
9af0d9 |
done:
|
|
|
9af0d9 |
free(padded);
|