diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-02-22 14:42:12 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-02-22 14:42:26 +0000 |
commit | eab4343d4108ba85530b8141ae3fe0a2242cd72b (patch) | |
tree | 872fec9ab18ec4f98affaa57918efeda327cdf30 | |
parent | bdd0013fdbf7e436512b3e0ef1d7d2c4befac656 (diff) | |
download | alpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.tar.bz2 alpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.tar.xz alpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.zip |
main/krb5: security fixes (CVE-2015-8629, CVE-2015-8630, CVE-2015-8631). Fixes #5125
-rw-r--r-- | main/krb5/APKBUILD | 14 | ||||
-rw-r--r-- | main/krb5/CVE-2015-8629.patch | 45 | ||||
-rw-r--r-- | main/krb5/CVE-2015-8630.patch | 75 | ||||
-rw-r--r-- | main/krb5/CVE-2015-8631.patch | 570 |
4 files changed, 703 insertions, 1 deletions
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD index a64532d81c..0c2ea86cb4 100644 --- a/main/krb5/APKBUILD +++ b/main/krb5/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=krb5 | 2 | pkgname=krb5 |
3 | pkgver=1.14 | 3 | pkgver=1.14 |
4 | pkgrel=0 | 4 | pkgrel=1 |
5 | 5 | ||
6 | case $pkgver in | 6 | case $pkgver in |
7 | *.*.*) _ver=${pkgver%.*};; | 7 | *.*.*) _ver=${pkgver%.*};; |
@@ -22,6 +22,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-server | |||
22 | $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs" | 22 | $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs" |
23 | source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz | 23 | source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz |
24 | mit-krb5_krb5-config_LDFLAGS.patch | 24 | mit-krb5_krb5-config_LDFLAGS.patch |
25 | CVE-2015-8629.patch | ||
26 | CVE-2015-8630.patch | ||
27 | CVE-2015-8631.patch | ||
25 | 28 | ||
26 | krb5kadmind.initd | 29 | krb5kadmind.initd |
27 | krb5kdc.initd | 30 | krb5kdc.initd |
@@ -119,16 +122,25 @@ libs() { | |||
119 | } | 122 | } |
120 | md5sums="0727968764d0208388b85ad31aafde24 krb5-1.14.tar.gz | 123 | md5sums="0727968764d0208388b85ad31aafde24 krb5-1.14.tar.gz |
121 | c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch | 124 | c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch |
125 | 51bfc721a58e4dd28ebcf2f600ff3455 CVE-2015-8629.patch | ||
126 | f8b6f512f94dcad5bfdc1250beaf2d11 CVE-2015-8630.patch | ||
127 | 380b86bdaa1303a6bc7b0cc3672c3e43 CVE-2015-8631.patch | ||
122 | 9c0e3bac122326cdbbbac068056ee8af krb5kadmind.initd | 128 | 9c0e3bac122326cdbbbac068056ee8af krb5kadmind.initd |
123 | 71131479c07a2d89b30a2ea18dd64e74 krb5kdc.initd | 129 | 71131479c07a2d89b30a2ea18dd64e74 krb5kdc.initd |
124 | d94873a6a1ac6277adf2d25458eda9e5 krb5kpropd.initd" | 130 | d94873a6a1ac6277adf2d25458eda9e5 krb5kpropd.initd" |
125 | sha256sums="cedb07fad8331e3ff2983d26e977a2ddba622f379c2b19bfea85bd695930f9e9 krb5-1.14.tar.gz | 131 | sha256sums="cedb07fad8331e3ff2983d26e977a2ddba622f379c2b19bfea85bd695930f9e9 krb5-1.14.tar.gz |
126 | 84007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2 mit-krb5_krb5-config_LDFLAGS.patch | 132 | 84007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2 mit-krb5_krb5-config_LDFLAGS.patch |
133 | 6c462dfa8202be953d3b9dc2acecb94b3576663caf7a1ceb1275b1dcb6b11171 CVE-2015-8629.patch | ||
134 | d87154deff5284b1a22d0c31de1b3c6276e4c2a94d7951b3cb31ed1b2ef405da CVE-2015-8630.patch | ||
135 | 7c1860aeba4b0712b1fd0b46ed6acc882f36a5b5b7cbcaa8e496baca65bc881a CVE-2015-8631.patch | ||
127 | 213a5b04f091e4644e856aabc38da586bd86c4616ab15f00eefca52fca7137d6 krb5kadmind.initd | 136 | 213a5b04f091e4644e856aabc38da586bd86c4616ab15f00eefca52fca7137d6 krb5kadmind.initd |
128 | 577842c7fe4639a8e9dd349da40e514284dd53440bb71be58283faaf18508f9a krb5kdc.initd | 137 | 577842c7fe4639a8e9dd349da40e514284dd53440bb71be58283faaf18508f9a krb5kdc.initd |
129 | 1644639d83791bd871f3c89a53a7052ab52994d3ef03d1d675d4217130c1fa94 krb5kpropd.initd" | 138 | 1644639d83791bd871f3c89a53a7052ab52994d3ef03d1d675d4217130c1fa94 krb5kpropd.initd" |
130 | sha512sums="b33a85b37f6038e34ba4038c9d1cc6a0df027652cbeccd24e39b323a1ed1bc16305099df04654c80ba7e6b56bd3d3c2df95758add888f9ef8535cb78443684ff krb5-1.14.tar.gz | 139 | sha512sums="b33a85b37f6038e34ba4038c9d1cc6a0df027652cbeccd24e39b323a1ed1bc16305099df04654c80ba7e6b56bd3d3c2df95758add888f9ef8535cb78443684ff krb5-1.14.tar.gz |
131 | 5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch | 140 | 5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch |
141 | a4791794fc8cd675605ed0f9d39b099b2e83713c7038648529906490c36b1e92739f05ba6f5a1be9923459a01b45ffb04129e23313873fea2fd41c45f7f42f90 CVE-2015-8629.patch | ||
142 | c91415ff810ea1b3d8ba80d005bc40bb3595be4b7610b69d6c8c97bdcb290c1eb400997ccb091863d558bfb8a4cbb8f00557a690f60c0ada700ba76194960b0a CVE-2015-8630.patch | ||
143 | 59b70cf6aa3f462fe8dab0f02e7f649f9615c5e40ad43517a9b9febd2c5d87b0d38f3e620ad6dd006c9ecbc9a4bbcab39655e518c6d37fbe74f40a888545ae79 CVE-2015-8631.patch | ||
132 | 43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd | 144 | 43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd |
133 | ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd | 145 | ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd |
134 | 45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd" | 146 | 45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd" |
diff --git a/main/krb5/CVE-2015-8629.patch b/main/krb5/CVE-2015-8629.patch new file mode 100644 index 0000000000..1106460205 --- /dev/null +++ b/main/krb5/CVE-2015-8629.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001 | ||
2 | From: Greg Hudson <ghudson@mit.edu> | ||
3 | Date: Fri, 8 Jan 2016 12:45:25 -0500 | ||
4 | Subject: [PATCH] Verify decoded kadmin C strings [CVE-2015-8629] | ||
5 | |||
6 | In xdr_nullstring(), check that the decoded string is terminated with | ||
7 | a zero byte and does not contain any internal zero bytes. | ||
8 | |||
9 | CVE-2015-8629: | ||
10 | |||
11 | In all versions of MIT krb5, an authenticated attacker can cause | ||
12 | kadmind to read beyond the end of allocated memory by sending a string | ||
13 | without a terminating zero byte. Information leakage may be possible | ||
14 | for an attacker with permission to modify the database. | ||
15 | |||
16 | CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C | ||
17 | |||
18 | ticket: 8341 (new) | ||
19 | target_version: 1.14-next | ||
20 | target_version: 1.13-next | ||
21 | tags: pullup | ||
22 | --- | ||
23 | src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++- | ||
24 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
25 | |||
26 | diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c | ||
27 | index 2bef858..ba67084 100644 | ||
28 | --- a/src/lib/kadm5/kadm_rpc_xdr.c | ||
29 | +++ b/src/lib/kadm5/kadm_rpc_xdr.c | ||
30 | @@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp) | ||
31 | return FALSE; | ||
32 | } | ||
33 | } | ||
34 | - return (xdr_opaque(xdrs, *objp, size)); | ||
35 | + if (!xdr_opaque(xdrs, *objp, size)) | ||
36 | + return FALSE; | ||
37 | + /* Check that the unmarshalled bytes are a C string. */ | ||
38 | + if ((*objp)[size - 1] != '\0') | ||
39 | + return FALSE; | ||
40 | + if (memchr(*objp, '\0', size - 1) != NULL) | ||
41 | + return FALSE; | ||
42 | + return TRUE; | ||
43 | |||
44 | case XDR_ENCODE: | ||
45 | if (size != 0) | ||
diff --git a/main/krb5/CVE-2015-8630.patch b/main/krb5/CVE-2015-8630.patch new file mode 100644 index 0000000000..72fefeb896 --- /dev/null +++ b/main/krb5/CVE-2015-8630.patch | |||
@@ -0,0 +1,75 @@ | |||
1 | From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001 | ||
2 | From: Greg Hudson <ghudson@mit.edu> | ||
3 | Date: Fri, 8 Jan 2016 12:52:28 -0500 | ||
4 | Subject: [PATCH] Check for null kadm5 policy name [CVE-2015-8630] | ||
5 | |||
6 | In kadm5_create_principal_3() and kadm5_modify_principal(), check for | ||
7 | entry->policy being null when KADM5_POLICY is included in the mask. | ||
8 | |||
9 | CVE-2015-8630: | ||
10 | |||
11 | In MIT krb5 1.12 and later, an authenticated attacker with permission | ||
12 | to modify a principal entry can cause kadmind to dereference a null | ||
13 | pointer by supplying a null policy value but including KADM5_POLICY in | ||
14 | the mask. | ||
15 | |||
16 | CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C | ||
17 | |||
18 | ticket: 8342 (new) | ||
19 | target_version: 1.14-next | ||
20 | target_version: 1.13-next | ||
21 | tags: pullup | ||
22 | --- | ||
23 | src/lib/kadm5/srv/svr_principal.c | 12 ++++++++---- | ||
24 | 1 file changed, 8 insertions(+), 4 deletions(-) | ||
25 | |||
26 | diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c | ||
27 | index 5b95fa3..1d4365c 100644 | ||
28 | --- a/src/lib/kadm5/srv/svr_principal.c | ||
29 | +++ b/src/lib/kadm5/srv/svr_principal.c | ||
30 | @@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle, | ||
31 | /* | ||
32 | * Argument sanity checking, and opening up the DB | ||
33 | */ | ||
34 | + if (entry == NULL) | ||
35 | + return EINVAL; | ||
36 | if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || | ||
37 | (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || | ||
38 | (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || | ||
39 | @@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle, | ||
40 | return KADM5_BAD_MASK; | ||
41 | if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) | ||
42 | return KADM5_BAD_MASK; | ||
43 | + if((mask & KADM5_POLICY) && entry->policy == NULL) | ||
44 | + return KADM5_BAD_MASK; | ||
45 | if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) | ||
46 | return KADM5_BAD_MASK; | ||
47 | if((mask & ~ALL_PRINC_MASK)) | ||
48 | return KADM5_BAD_MASK; | ||
49 | - if (entry == NULL) | ||
50 | - return EINVAL; | ||
51 | |||
52 | /* | ||
53 | * Check to see if the principal exists | ||
54 | @@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle, | ||
55 | |||
56 | krb5_clear_error_message(handle->context); | ||
57 | |||
58 | + if(entry == NULL) | ||
59 | + return EINVAL; | ||
60 | if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || | ||
61 | (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || | ||
62 | (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || | ||
63 | @@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle, | ||
64 | return KADM5_BAD_MASK; | ||
65 | if((mask & ~ALL_PRINC_MASK)) | ||
66 | return KADM5_BAD_MASK; | ||
67 | + if((mask & KADM5_POLICY) && entry->policy == NULL) | ||
68 | + return KADM5_BAD_MASK; | ||
69 | if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) | ||
70 | return KADM5_BAD_MASK; | ||
71 | - if(entry == (kadm5_principal_ent_t) NULL) | ||
72 | - return EINVAL; | ||
73 | if (mask & KADM5_TL_DATA) { | ||
74 | tl_data_orig = entry->tl_data; | ||
75 | while (tl_data_orig) { | ||
diff --git a/main/krb5/CVE-2015-8631.patch b/main/krb5/CVE-2015-8631.patch new file mode 100644 index 0000000000..038ad48100 --- /dev/null +++ b/main/krb5/CVE-2015-8631.patch | |||
@@ -0,0 +1,570 @@ | |||
1 | From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Greg Hudson <ghudson@mit.edu> | ||
3 | Date: Fri, 8 Jan 2016 13:16:54 -0500 | ||
4 | Subject: [PATCH] Fix leaks in kadmin server stubs [CVE-2015-8631] | ||
5 | |||
6 | In each kadmind server stub, initialize the client_name and | ||
7 | server_name variables, and release them in the cleanup handler. Many | ||
8 | of the stubs will otherwise leak the client and server name if | ||
9 | krb5_unparse_name() fails. Also make sure to free the prime_arg | ||
10 | variables in rename_principal_2_svc(), or we can leak the first one if | ||
11 | unparsing the second one fails. Discovered by Simo Sorce. | ||
12 | |||
13 | CVE-2015-8631: | ||
14 | |||
15 | In all versions of MIT krb5, an authenticated attacker can cause | ||
16 | kadmind to leak memory by supplying a null principal name in a request | ||
17 | which uses one. Repeating these requests will eventually cause | ||
18 | kadmind to exhaust all available memory. | ||
19 | |||
20 | CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C | ||
21 | |||
22 | ticket: 8343 (new) | ||
23 | target_version: 1.14-next | ||
24 | target_version: 1.13-next | ||
25 | tags: pullup | ||
26 | --- | ||
27 | src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++------------------- | ||
28 | 1 file changed, 77 insertions(+), 74 deletions(-) | ||
29 | |||
30 | diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c | ||
31 | index 1879dc6..6ac797e 100644 | ||
32 | --- a/src/kadmin/server/server_stubs.c | ||
33 | +++ b/src/kadmin/server/server_stubs.c | ||
34 | @@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) | ||
35 | { | ||
36 | static generic_ret ret; | ||
37 | char *prime_arg; | ||
38 | - gss_buffer_desc client_name, service_name; | ||
39 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
40 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
41 | OM_uint32 minor_stat; | ||
42 | kadm5_server_handle_t handle; | ||
43 | restriction_t *rp; | ||
44 | @@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) | ||
45 | krb5_free_error_message(handle->context, errmsg); | ||
46 | } | ||
47 | free(prime_arg); | ||
48 | - gss_release_buffer(&minor_stat, &client_name); | ||
49 | - gss_release_buffer(&minor_stat, &service_name); | ||
50 | |||
51 | exit_func: | ||
52 | + gss_release_buffer(&minor_stat, &client_name); | ||
53 | + gss_release_buffer(&minor_stat, &service_name); | ||
54 | free_server_handle(handle); | ||
55 | return &ret; | ||
56 | } | ||
57 | @@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) | ||
58 | { | ||
59 | static generic_ret ret; | ||
60 | char *prime_arg; | ||
61 | - gss_buffer_desc client_name, service_name; | ||
62 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
63 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
64 | OM_uint32 minor_stat; | ||
65 | kadm5_server_handle_t handle; | ||
66 | restriction_t *rp; | ||
67 | @@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) | ||
68 | krb5_free_error_message(handle->context, errmsg); | ||
69 | } | ||
70 | free(prime_arg); | ||
71 | - gss_release_buffer(&minor_stat, &client_name); | ||
72 | - gss_release_buffer(&minor_stat, &service_name); | ||
73 | |||
74 | exit_func: | ||
75 | + gss_release_buffer(&minor_stat, &client_name); | ||
76 | + gss_release_buffer(&minor_stat, &service_name); | ||
77 | free_server_handle(handle); | ||
78 | return &ret; | ||
79 | } | ||
80 | @@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) | ||
81 | { | ||
82 | static generic_ret ret; | ||
83 | char *prime_arg; | ||
84 | - gss_buffer_desc client_name, | ||
85 | - service_name; | ||
86 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
87 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
88 | OM_uint32 minor_stat; | ||
89 | kadm5_server_handle_t handle; | ||
90 | const char *errmsg = NULL; | ||
91 | @@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) | ||
92 | |||
93 | } | ||
94 | free(prime_arg); | ||
95 | - gss_release_buffer(&minor_stat, &client_name); | ||
96 | - gss_release_buffer(&minor_stat, &service_name); | ||
97 | |||
98 | exit_func: | ||
99 | + gss_release_buffer(&minor_stat, &client_name); | ||
100 | + gss_release_buffer(&minor_stat, &service_name); | ||
101 | free_server_handle(handle); | ||
102 | return &ret; | ||
103 | } | ||
104 | @@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) | ||
105 | { | ||
106 | static generic_ret ret; | ||
107 | char *prime_arg; | ||
108 | - gss_buffer_desc client_name, | ||
109 | - service_name; | ||
110 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
111 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
112 | OM_uint32 minor_stat; | ||
113 | kadm5_server_handle_t handle; | ||
114 | restriction_t *rp; | ||
115 | @@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) | ||
116 | krb5_free_error_message(handle->context, errmsg); | ||
117 | } | ||
118 | free(prime_arg); | ||
119 | +exit_func: | ||
120 | gss_release_buffer(&minor_stat, &client_name); | ||
121 | gss_release_buffer(&minor_stat, &service_name); | ||
122 | -exit_func: | ||
123 | free_server_handle(handle); | ||
124 | return &ret; | ||
125 | } | ||
126 | @@ -570,10 +572,9 @@ generic_ret * | ||
127 | rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) | ||
128 | { | ||
129 | static generic_ret ret; | ||
130 | - char *prime_arg1, | ||
131 | - *prime_arg2; | ||
132 | - gss_buffer_desc client_name, | ||
133 | - service_name; | ||
134 | + char *prime_arg1 = NULL, *prime_arg2 = NULL; | ||
135 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
136 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
137 | OM_uint32 minor_stat; | ||
138 | kadm5_server_handle_t handle; | ||
139 | restriction_t *rp; | ||
140 | @@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) | ||
141 | krb5_free_error_message(handle->context, errmsg); | ||
142 | |||
143 | } | ||
144 | +exit_func: | ||
145 | free(prime_arg1); | ||
146 | free(prime_arg2); | ||
147 | gss_release_buffer(&minor_stat, &client_name); | ||
148 | gss_release_buffer(&minor_stat, &service_name); | ||
149 | -exit_func: | ||
150 | free_server_handle(handle); | ||
151 | return &ret; | ||
152 | } | ||
153 | @@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) | ||
154 | { | ||
155 | static gprinc_ret ret; | ||
156 | char *prime_arg, *funcname; | ||
157 | - gss_buffer_desc client_name, | ||
158 | - service_name; | ||
159 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
160 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
161 | OM_uint32 minor_stat; | ||
162 | kadm5_server_handle_t handle; | ||
163 | const char *errmsg = NULL; | ||
164 | @@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) | ||
165 | krb5_free_error_message(handle->context, errmsg); | ||
166 | } | ||
167 | free(prime_arg); | ||
168 | +exit_func: | ||
169 | gss_release_buffer(&minor_stat, &client_name); | ||
170 | gss_release_buffer(&minor_stat, &service_name); | ||
171 | -exit_func: | ||
172 | free_server_handle(handle); | ||
173 | return &ret; | ||
174 | } | ||
175 | @@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) | ||
176 | { | ||
177 | static gprincs_ret ret; | ||
178 | char *prime_arg; | ||
179 | - gss_buffer_desc client_name, | ||
180 | - service_name; | ||
181 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
182 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
183 | OM_uint32 minor_stat; | ||
184 | kadm5_server_handle_t handle; | ||
185 | const char *errmsg = NULL; | ||
186 | @@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) | ||
187 | krb5_free_error_message(handle->context, errmsg); | ||
188 | |||
189 | } | ||
190 | +exit_func: | ||
191 | gss_release_buffer(&minor_stat, &client_name); | ||
192 | gss_release_buffer(&minor_stat, &service_name); | ||
193 | -exit_func: | ||
194 | free_server_handle(handle); | ||
195 | return &ret; | ||
196 | } | ||
197 | @@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) | ||
198 | { | ||
199 | static generic_ret ret; | ||
200 | char *prime_arg; | ||
201 | - gss_buffer_desc client_name, | ||
202 | - service_name; | ||
203 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
204 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
205 | OM_uint32 minor_stat; | ||
206 | kadm5_server_handle_t handle; | ||
207 | const char *errmsg = NULL; | ||
208 | @@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) | ||
209 | } | ||
210 | |||
211 | free(prime_arg); | ||
212 | +exit_func: | ||
213 | gss_release_buffer(&minor_stat, &client_name); | ||
214 | gss_release_buffer(&minor_stat, &service_name); | ||
215 | -exit_func: | ||
216 | free_server_handle(handle); | ||
217 | return &ret; | ||
218 | } | ||
219 | @@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) | ||
220 | { | ||
221 | static generic_ret ret; | ||
222 | char *prime_arg; | ||
223 | - gss_buffer_desc client_name, | ||
224 | - service_name; | ||
225 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
226 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
227 | OM_uint32 minor_stat; | ||
228 | kadm5_server_handle_t handle; | ||
229 | const char *errmsg = NULL; | ||
230 | @@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) | ||
231 | } | ||
232 | |||
233 | free(prime_arg); | ||
234 | +exit_func: | ||
235 | gss_release_buffer(&minor_stat, &client_name); | ||
236 | gss_release_buffer(&minor_stat, &service_name); | ||
237 | -exit_func: | ||
238 | free_server_handle(handle); | ||
239 | return &ret; | ||
240 | } | ||
241 | @@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) | ||
242 | { | ||
243 | static generic_ret ret; | ||
244 | char *prime_arg; | ||
245 | - gss_buffer_desc client_name, | ||
246 | - service_name; | ||
247 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
248 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
249 | OM_uint32 minor_stat; | ||
250 | kadm5_server_handle_t handle; | ||
251 | const char *errmsg = NULL; | ||
252 | @@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) | ||
253 | } | ||
254 | |||
255 | free(prime_arg); | ||
256 | +exit_func: | ||
257 | gss_release_buffer(&minor_stat, &client_name); | ||
258 | gss_release_buffer(&minor_stat, &service_name); | ||
259 | -exit_func: | ||
260 | free_server_handle(handle); | ||
261 | return &ret; | ||
262 | } | ||
263 | @@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) | ||
264 | { | ||
265 | static generic_ret ret; | ||
266 | char *prime_arg; | ||
267 | - gss_buffer_desc client_name, | ||
268 | - service_name; | ||
269 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
270 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
271 | OM_uint32 minor_stat; | ||
272 | kadm5_server_handle_t handle; | ||
273 | const char *errmsg = NULL; | ||
274 | @@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) | ||
275 | } | ||
276 | |||
277 | free(prime_arg); | ||
278 | +exit_func: | ||
279 | gss_release_buffer(&minor_stat, &client_name); | ||
280 | gss_release_buffer(&minor_stat, &service_name); | ||
281 | -exit_func: | ||
282 | free_server_handle(handle); | ||
283 | return &ret; | ||
284 | } | ||
285 | @@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) | ||
286 | { | ||
287 | static generic_ret ret; | ||
288 | char *prime_arg; | ||
289 | - gss_buffer_desc client_name, | ||
290 | - service_name; | ||
291 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
292 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
293 | OM_uint32 minor_stat; | ||
294 | kadm5_server_handle_t handle; | ||
295 | const char *errmsg = NULL; | ||
296 | @@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) | ||
297 | } | ||
298 | |||
299 | free(prime_arg); | ||
300 | +exit_func: | ||
301 | gss_release_buffer(&minor_stat, &client_name); | ||
302 | gss_release_buffer(&minor_stat, &service_name); | ||
303 | -exit_func: | ||
304 | free_server_handle(handle); | ||
305 | return &ret; | ||
306 | } | ||
307 | @@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) | ||
308 | krb5_keyblock *k; | ||
309 | int nkeys; | ||
310 | char *prime_arg, *funcname; | ||
311 | - gss_buffer_desc client_name, | ||
312 | - service_name; | ||
313 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
314 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
315 | OM_uint32 minor_stat; | ||
316 | kadm5_server_handle_t handle; | ||
317 | const char *errmsg = NULL; | ||
318 | @@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) | ||
319 | krb5_free_error_message(handle->context, errmsg); | ||
320 | } | ||
321 | free(prime_arg); | ||
322 | +exit_func: | ||
323 | gss_release_buffer(&minor_stat, &client_name); | ||
324 | gss_release_buffer(&minor_stat, &service_name); | ||
325 | -exit_func: | ||
326 | free_server_handle(handle); | ||
327 | return &ret; | ||
328 | } | ||
329 | @@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) | ||
330 | krb5_keyblock *k; | ||
331 | int nkeys; | ||
332 | char *prime_arg, *funcname; | ||
333 | - gss_buffer_desc client_name, | ||
334 | - service_name; | ||
335 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
336 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
337 | OM_uint32 minor_stat; | ||
338 | kadm5_server_handle_t handle; | ||
339 | const char *errmsg = NULL; | ||
340 | @@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) | ||
341 | krb5_free_error_message(handle->context, errmsg); | ||
342 | } | ||
343 | free(prime_arg); | ||
344 | +exit_func: | ||
345 | gss_release_buffer(&minor_stat, &client_name); | ||
346 | gss_release_buffer(&minor_stat, &service_name); | ||
347 | -exit_func: | ||
348 | free_server_handle(handle); | ||
349 | return &ret; | ||
350 | } | ||
351 | @@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) | ||
352 | { | ||
353 | static generic_ret ret; | ||
354 | char *prime_arg; | ||
355 | - gss_buffer_desc client_name, | ||
356 | - service_name; | ||
357 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
358 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
359 | OM_uint32 minor_stat; | ||
360 | kadm5_server_handle_t handle; | ||
361 | const char *errmsg = NULL; | ||
362 | @@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) | ||
363 | if (errmsg != NULL) | ||
364 | krb5_free_error_message(handle->context, errmsg); | ||
365 | } | ||
366 | +exit_func: | ||
367 | gss_release_buffer(&minor_stat, &client_name); | ||
368 | gss_release_buffer(&minor_stat, &service_name); | ||
369 | -exit_func: | ||
370 | free_server_handle(handle); | ||
371 | return &ret; | ||
372 | } | ||
373 | @@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) | ||
374 | { | ||
375 | static generic_ret ret; | ||
376 | char *prime_arg; | ||
377 | - gss_buffer_desc client_name, | ||
378 | - service_name; | ||
379 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
380 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
381 | OM_uint32 minor_stat; | ||
382 | kadm5_server_handle_t handle; | ||
383 | const char *errmsg = NULL; | ||
384 | @@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) | ||
385 | if (errmsg != NULL) | ||
386 | krb5_free_error_message(handle->context, errmsg); | ||
387 | } | ||
388 | +exit_func: | ||
389 | gss_release_buffer(&minor_stat, &client_name); | ||
390 | gss_release_buffer(&minor_stat, &service_name); | ||
391 | -exit_func: | ||
392 | free_server_handle(handle); | ||
393 | return &ret; | ||
394 | } | ||
395 | @@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) | ||
396 | { | ||
397 | static generic_ret ret; | ||
398 | char *prime_arg; | ||
399 | - gss_buffer_desc client_name, | ||
400 | - service_name; | ||
401 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
402 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
403 | OM_uint32 minor_stat; | ||
404 | kadm5_server_handle_t handle; | ||
405 | const char *errmsg = NULL; | ||
406 | @@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) | ||
407 | if (errmsg != NULL) | ||
408 | krb5_free_error_message(handle->context, errmsg); | ||
409 | } | ||
410 | +exit_func: | ||
411 | gss_release_buffer(&minor_stat, &client_name); | ||
412 | gss_release_buffer(&minor_stat, &service_name); | ||
413 | -exit_func: | ||
414 | free_server_handle(handle); | ||
415 | return &ret; | ||
416 | } | ||
417 | @@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) | ||
418 | static gpol_ret ret; | ||
419 | kadm5_ret_t ret2; | ||
420 | char *prime_arg, *funcname; | ||
421 | - gss_buffer_desc client_name, | ||
422 | - service_name; | ||
423 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
424 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
425 | OM_uint32 minor_stat; | ||
426 | kadm5_principal_ent_rec caller_ent; | ||
427 | kadm5_server_handle_t handle; | ||
428 | @@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) | ||
429 | log_unauth(funcname, prime_arg, | ||
430 | &client_name, &service_name, rqstp); | ||
431 | } | ||
432 | +exit_func: | ||
433 | gss_release_buffer(&minor_stat, &client_name); | ||
434 | gss_release_buffer(&minor_stat, &service_name); | ||
435 | -exit_func: | ||
436 | free_server_handle(handle); | ||
437 | return &ret; | ||
438 | |||
439 | @@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) | ||
440 | { | ||
441 | static gpols_ret ret; | ||
442 | char *prime_arg; | ||
443 | - gss_buffer_desc client_name, | ||
444 | - service_name; | ||
445 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
446 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
447 | OM_uint32 minor_stat; | ||
448 | kadm5_server_handle_t handle; | ||
449 | const char *errmsg = NULL; | ||
450 | @@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) | ||
451 | if (errmsg != NULL) | ||
452 | krb5_free_error_message(handle->context, errmsg); | ||
453 | } | ||
454 | +exit_func: | ||
455 | gss_release_buffer(&minor_stat, &client_name); | ||
456 | gss_release_buffer(&minor_stat, &service_name); | ||
457 | -exit_func: | ||
458 | free_server_handle(handle); | ||
459 | return &ret; | ||
460 | } | ||
461 | @@ -1541,7 +1542,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) | ||
462 | getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) | ||
463 | { | ||
464 | static getprivs_ret ret; | ||
465 | - gss_buffer_desc client_name, service_name; | ||
466 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
467 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
468 | OM_uint32 minor_stat; | ||
469 | kadm5_server_handle_t handle; | ||
470 | const char *errmsg = NULL; | ||
471 | @@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) | ||
472 | if (errmsg != NULL) | ||
473 | krb5_free_error_message(handle->context, errmsg); | ||
474 | |||
475 | +exit_func: | ||
476 | gss_release_buffer(&minor_stat, &client_name); | ||
477 | gss_release_buffer(&minor_stat, &service_name); | ||
478 | -exit_func: | ||
479 | free_server_handle(handle); | ||
480 | return &ret; | ||
481 | } | ||
482 | @@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) | ||
483 | { | ||
484 | static generic_ret ret; | ||
485 | char *prime_arg, *funcname; | ||
486 | - gss_buffer_desc client_name, service_name; | ||
487 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
488 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
489 | OM_uint32 minor_stat; | ||
490 | kadm5_server_handle_t handle; | ||
491 | |||
492 | @@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) | ||
493 | krb5_free_error_message(handle->context, errmsg); | ||
494 | } | ||
495 | free(prime_arg); | ||
496 | +exit_func: | ||
497 | gss_release_buffer(&minor_stat, &client_name); | ||
498 | gss_release_buffer(&minor_stat, &service_name); | ||
499 | -exit_func: | ||
500 | free_server_handle(handle); | ||
501 | return &ret; | ||
502 | } | ||
503 | @@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) | ||
504 | { | ||
505 | static gstrings_ret ret; | ||
506 | char *prime_arg; | ||
507 | - gss_buffer_desc client_name, | ||
508 | - service_name; | ||
509 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
510 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
511 | OM_uint32 minor_stat; | ||
512 | kadm5_server_handle_t handle; | ||
513 | const char *errmsg = NULL; | ||
514 | @@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) | ||
515 | krb5_free_error_message(handle->context, errmsg); | ||
516 | } | ||
517 | free(prime_arg); | ||
518 | +exit_func: | ||
519 | gss_release_buffer(&minor_stat, &client_name); | ||
520 | gss_release_buffer(&minor_stat, &service_name); | ||
521 | -exit_func: | ||
522 | free_server_handle(handle); | ||
523 | return &ret; | ||
524 | } | ||
525 | @@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) | ||
526 | { | ||
527 | static generic_ret ret; | ||
528 | char *prime_arg; | ||
529 | - gss_buffer_desc client_name, | ||
530 | - service_name; | ||
531 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
532 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
533 | OM_uint32 minor_stat; | ||
534 | kadm5_server_handle_t handle; | ||
535 | const char *errmsg = NULL; | ||
536 | @@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) | ||
537 | krb5_free_error_message(handle->context, errmsg); | ||
538 | } | ||
539 | free(prime_arg); | ||
540 | +exit_func: | ||
541 | gss_release_buffer(&minor_stat, &client_name); | ||
542 | gss_release_buffer(&minor_stat, &service_name); | ||
543 | -exit_func: | ||
544 | free_server_handle(handle); | ||
545 | return &ret; | ||
546 | } | ||
547 | @@ -1754,8 +1757,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) | ||
548 | generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) | ||
549 | { | ||
550 | static generic_ret ret; | ||
551 | - gss_buffer_desc client_name, | ||
552 | - service_name; | ||
553 | + gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; | ||
554 | + gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; | ||
555 | kadm5_server_handle_t handle; | ||
556 | OM_uint32 minor_stat; | ||
557 | const char *errmsg = NULL; | ||
558 | @@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) | ||
559 | rqstp->rq_cred.oa_flavor); | ||
560 | if (errmsg != NULL) | ||
561 | krb5_free_error_message(NULL, errmsg); | ||
562 | - gss_release_buffer(&minor_stat, &client_name); | ||
563 | - gss_release_buffer(&minor_stat, &service_name); | ||
564 | |||
565 | exit_func: | ||
566 | + gss_release_buffer(&minor_stat, &client_name); | ||
567 | + gss_release_buffer(&minor_stat, &service_name); | ||
568 | return(&ret); | ||
569 | } | ||
570 | |||