aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2016-02-22 14:42:12 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-02-22 14:42:26 +0000
commiteab4343d4108ba85530b8141ae3fe0a2242cd72b (patch)
tree872fec9ab18ec4f98affaa57918efeda327cdf30
parentbdd0013fdbf7e436512b3e0ef1d7d2c4befac656 (diff)
downloadalpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.tar.bz2
alpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.tar.xz
alpine_aports-eab4343d4108ba85530b8141ae3fe0a2242cd72b.zip
main/krb5: security fixes (CVE-2015-8629, CVE-2015-8630, CVE-2015-8631). Fixes #5125
Diffstat
-rw-r--r--main/krb5/APKBUILD14
-rw-r--r--main/krb5/CVE-2015-8629.patch45
-rw-r--r--main/krb5/CVE-2015-8630.patch75
-rw-r--r--main/krb5/CVE-2015-8631.patch570
4 files changed, 703 insertions, 1 deletions
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index a64532d81c..0c2ea86cb4 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,7 +1,7 @@
1# Maintainer: Natanael Copa <ncopa@alpinelinux.org> 1# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2pkgname=krb5 2pkgname=krb5
3pkgver=1.14 3pkgver=1.14
4pkgrel=0 4pkgrel=1
5 5
6case $pkgver in 6case $pkgver in
7*.*.*) _ver=${pkgver%.*};; 7*.*.*) _ver=${pkgver%.*};;
@@ -22,6 +22,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-server
22 $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs" 22 $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs"
23source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz 23source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz
24 mit-krb5_krb5-config_LDFLAGS.patch 24 mit-krb5_krb5-config_LDFLAGS.patch
25 CVE-2015-8629.patch
26 CVE-2015-8630.patch
27 CVE-2015-8631.patch
25 28
26 krb5kadmind.initd 29 krb5kadmind.initd
27 krb5kdc.initd 30 krb5kdc.initd
@@ -119,16 +122,25 @@ libs() {
119} 122}
120md5sums="0727968764d0208388b85ad31aafde24 krb5-1.14.tar.gz 123md5sums="0727968764d0208388b85ad31aafde24 krb5-1.14.tar.gz
121c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch 124c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch
12551bfc721a58e4dd28ebcf2f600ff3455 CVE-2015-8629.patch
126f8b6f512f94dcad5bfdc1250beaf2d11 CVE-2015-8630.patch
127380b86bdaa1303a6bc7b0cc3672c3e43 CVE-2015-8631.patch
1229c0e3bac122326cdbbbac068056ee8af krb5kadmind.initd 1289c0e3bac122326cdbbbac068056ee8af krb5kadmind.initd
12371131479c07a2d89b30a2ea18dd64e74 krb5kdc.initd 12971131479c07a2d89b30a2ea18dd64e74 krb5kdc.initd
124d94873a6a1ac6277adf2d25458eda9e5 krb5kpropd.initd" 130d94873a6a1ac6277adf2d25458eda9e5 krb5kpropd.initd"
125sha256sums="cedb07fad8331e3ff2983d26e977a2ddba622f379c2b19bfea85bd695930f9e9 krb5-1.14.tar.gz 131sha256sums="cedb07fad8331e3ff2983d26e977a2ddba622f379c2b19bfea85bd695930f9e9 krb5-1.14.tar.gz
12684007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2 mit-krb5_krb5-config_LDFLAGS.patch 13284007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2 mit-krb5_krb5-config_LDFLAGS.patch
1336c462dfa8202be953d3b9dc2acecb94b3576663caf7a1ceb1275b1dcb6b11171 CVE-2015-8629.patch
134d87154deff5284b1a22d0c31de1b3c6276e4c2a94d7951b3cb31ed1b2ef405da CVE-2015-8630.patch
1357c1860aeba4b0712b1fd0b46ed6acc882f36a5b5b7cbcaa8e496baca65bc881a CVE-2015-8631.patch
127213a5b04f091e4644e856aabc38da586bd86c4616ab15f00eefca52fca7137d6 krb5kadmind.initd 136213a5b04f091e4644e856aabc38da586bd86c4616ab15f00eefca52fca7137d6 krb5kadmind.initd
128577842c7fe4639a8e9dd349da40e514284dd53440bb71be58283faaf18508f9a krb5kdc.initd 137577842c7fe4639a8e9dd349da40e514284dd53440bb71be58283faaf18508f9a krb5kdc.initd
1291644639d83791bd871f3c89a53a7052ab52994d3ef03d1d675d4217130c1fa94 krb5kpropd.initd" 1381644639d83791bd871f3c89a53a7052ab52994d3ef03d1d675d4217130c1fa94 krb5kpropd.initd"
130sha512sums="b33a85b37f6038e34ba4038c9d1cc6a0df027652cbeccd24e39b323a1ed1bc16305099df04654c80ba7e6b56bd3d3c2df95758add888f9ef8535cb78443684ff krb5-1.14.tar.gz 139sha512sums="b33a85b37f6038e34ba4038c9d1cc6a0df027652cbeccd24e39b323a1ed1bc16305099df04654c80ba7e6b56bd3d3c2df95758add888f9ef8535cb78443684ff krb5-1.14.tar.gz
1315a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch 1405a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch
141a4791794fc8cd675605ed0f9d39b099b2e83713c7038648529906490c36b1e92739f05ba6f5a1be9923459a01b45ffb04129e23313873fea2fd41c45f7f42f90 CVE-2015-8629.patch
142c91415ff810ea1b3d8ba80d005bc40bb3595be4b7610b69d6c8c97bdcb290c1eb400997ccb091863d558bfb8a4cbb8f00557a690f60c0ada700ba76194960b0a CVE-2015-8630.patch
14359b70cf6aa3f462fe8dab0f02e7f649f9615c5e40ad43517a9b9febd2c5d87b0d38f3e620ad6dd006c9ecbc9a4bbcab39655e518c6d37fbe74f40a888545ae79 CVE-2015-8631.patch
13243b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd 14443b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd
133ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd 145ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd
13445be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd" 14645be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd"
diff --git a/main/krb5/CVE-2015-8629.patch b/main/krb5/CVE-2015-8629.patch
new file mode 100644
index 0000000000..1106460205
--- /dev/null
+++ b/main/krb5/CVE-2015-8629.patch
@@ -0,0 +1,45 @@
1From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
2From: Greg Hudson <ghudson@mit.edu>
3Date: Fri, 8 Jan 2016 12:45:25 -0500
4Subject: [PATCH] Verify decoded kadmin C strings [CVE-2015-8629]
5
6In xdr_nullstring(), check that the decoded string is terminated with
7a zero byte and does not contain any internal zero bytes.
8
9CVE-2015-8629:
10
11In all versions of MIT krb5, an authenticated attacker can cause
12kadmind to read beyond the end of allocated memory by sending a string
13without a terminating zero byte. Information leakage may be possible
14for an attacker with permission to modify the database.
15
16 CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
17
18ticket: 8341 (new)
19target_version: 1.14-next
20target_version: 1.13-next
21tags: pullup
22---
23 src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
24 1 file changed, 8 insertions(+), 1 deletion(-)
25
26diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
27index 2bef858..ba67084 100644
28--- a/src/lib/kadm5/kadm_rpc_xdr.c
29+++ b/src/lib/kadm5/kadm_rpc_xdr.c
30@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
31 return FALSE;
32 }
33 }
34- return (xdr_opaque(xdrs, *objp, size));
35+ if (!xdr_opaque(xdrs, *objp, size))
36+ return FALSE;
37+ /* Check that the unmarshalled bytes are a C string. */
38+ if ((*objp)[size - 1] != '\0')
39+ return FALSE;
40+ if (memchr(*objp, '\0', size - 1) != NULL)
41+ return FALSE;
42+ return TRUE;
43
44 case XDR_ENCODE:
45 if (size != 0)
diff --git a/main/krb5/CVE-2015-8630.patch b/main/krb5/CVE-2015-8630.patch
new file mode 100644
index 0000000000..72fefeb896
--- /dev/null
+++ b/main/krb5/CVE-2015-8630.patch
@@ -0,0 +1,75 @@
1From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
2From: Greg Hudson <ghudson@mit.edu>
3Date: Fri, 8 Jan 2016 12:52:28 -0500
4Subject: [PATCH] Check for null kadm5 policy name [CVE-2015-8630]
5
6In kadm5_create_principal_3() and kadm5_modify_principal(), check for
7entry->policy being null when KADM5_POLICY is included in the mask.
8
9CVE-2015-8630:
10
11In MIT krb5 1.12 and later, an authenticated attacker with permission
12to modify a principal entry can cause kadmind to dereference a null
13pointer by supplying a null policy value but including KADM5_POLICY in
14the mask.
15
16 CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
17
18ticket: 8342 (new)
19target_version: 1.14-next
20target_version: 1.13-next
21tags: pullup
22---
23 src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
24 1 file changed, 8 insertions(+), 4 deletions(-)
25
26diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
27index 5b95fa3..1d4365c 100644
28--- a/src/lib/kadm5/srv/svr_principal.c
29+++ b/src/lib/kadm5/srv/svr_principal.c
30@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
31 /*
32 * Argument sanity checking, and opening up the DB
33 */
34+ if (entry == NULL)
35+ return EINVAL;
36 if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
37 (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
38 (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
39@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
40 return KADM5_BAD_MASK;
41 if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
42 return KADM5_BAD_MASK;
43+ if((mask & KADM5_POLICY) && entry->policy == NULL)
44+ return KADM5_BAD_MASK;
45 if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
46 return KADM5_BAD_MASK;
47 if((mask & ~ALL_PRINC_MASK))
48 return KADM5_BAD_MASK;
49- if (entry == NULL)
50- return EINVAL;
51
52 /*
53 * Check to see if the principal exists
54@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
55
56 krb5_clear_error_message(handle->context);
57
58+ if(entry == NULL)
59+ return EINVAL;
60 if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
61 (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
62 (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
63@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
64 return KADM5_BAD_MASK;
65 if((mask & ~ALL_PRINC_MASK))
66 return KADM5_BAD_MASK;
67+ if((mask & KADM5_POLICY) && entry->policy == NULL)
68+ return KADM5_BAD_MASK;
69 if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
70 return KADM5_BAD_MASK;
71- if(entry == (kadm5_principal_ent_t) NULL)
72- return EINVAL;
73 if (mask & KADM5_TL_DATA) {
74 tl_data_orig = entry->tl_data;
75 while (tl_data_orig) {
diff --git a/main/krb5/CVE-2015-8631.patch b/main/krb5/CVE-2015-8631.patch
new file mode 100644
index 0000000000..038ad48100
--- /dev/null
+++ b/main/krb5/CVE-2015-8631.patch
@@ -0,0 +1,570 @@
1From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
2From: Greg Hudson <ghudson@mit.edu>
3Date: Fri, 8 Jan 2016 13:16:54 -0500
4Subject: [PATCH] Fix leaks in kadmin server stubs [CVE-2015-8631]
5
6In each kadmind server stub, initialize the client_name and
7server_name variables, and release them in the cleanup handler. Many
8of the stubs will otherwise leak the client and server name if
9krb5_unparse_name() fails. Also make sure to free the prime_arg
10variables in rename_principal_2_svc(), or we can leak the first one if
11unparsing the second one fails. Discovered by Simo Sorce.
12
13CVE-2015-8631:
14
15In all versions of MIT krb5, an authenticated attacker can cause
16kadmind to leak memory by supplying a null principal name in a request
17which uses one. Repeating these requests will eventually cause
18kadmind to exhaust all available memory.
19
20 CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
21
22ticket: 8343 (new)
23target_version: 1.14-next
24target_version: 1.13-next
25tags: pullup
26---
27 src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
28 1 file changed, 77 insertions(+), 74 deletions(-)
29
30diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
31index 1879dc6..6ac797e 100644
32--- a/src/kadmin/server/server_stubs.c
33+++ b/src/kadmin/server/server_stubs.c
34@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
35 {
36 static generic_ret ret;
37 char *prime_arg;
38- gss_buffer_desc client_name, service_name;
39+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
40+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
41 OM_uint32 minor_stat;
42 kadm5_server_handle_t handle;
43 restriction_t *rp;
44@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
45 krb5_free_error_message(handle->context, errmsg);
46 }
47 free(prime_arg);
48- gss_release_buffer(&minor_stat, &client_name);
49- gss_release_buffer(&minor_stat, &service_name);
50
51 exit_func:
52+ gss_release_buffer(&minor_stat, &client_name);
53+ gss_release_buffer(&minor_stat, &service_name);
54 free_server_handle(handle);
55 return &ret;
56 }
57@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
58 {
59 static generic_ret ret;
60 char *prime_arg;
61- gss_buffer_desc client_name, service_name;
62+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
63+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
64 OM_uint32 minor_stat;
65 kadm5_server_handle_t handle;
66 restriction_t *rp;
67@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
68 krb5_free_error_message(handle->context, errmsg);
69 }
70 free(prime_arg);
71- gss_release_buffer(&minor_stat, &client_name);
72- gss_release_buffer(&minor_stat, &service_name);
73
74 exit_func:
75+ gss_release_buffer(&minor_stat, &client_name);
76+ gss_release_buffer(&minor_stat, &service_name);
77 free_server_handle(handle);
78 return &ret;
79 }
80@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
81 {
82 static generic_ret ret;
83 char *prime_arg;
84- gss_buffer_desc client_name,
85- service_name;
86+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
87+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
88 OM_uint32 minor_stat;
89 kadm5_server_handle_t handle;
90 const char *errmsg = NULL;
91@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
92
93 }
94 free(prime_arg);
95- gss_release_buffer(&minor_stat, &client_name);
96- gss_release_buffer(&minor_stat, &service_name);
97
98 exit_func:
99+ gss_release_buffer(&minor_stat, &client_name);
100+ gss_release_buffer(&minor_stat, &service_name);
101 free_server_handle(handle);
102 return &ret;
103 }
104@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
105 {
106 static generic_ret ret;
107 char *prime_arg;
108- gss_buffer_desc client_name,
109- service_name;
110+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
111+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
112 OM_uint32 minor_stat;
113 kadm5_server_handle_t handle;
114 restriction_t *rp;
115@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
116 krb5_free_error_message(handle->context, errmsg);
117 }
118 free(prime_arg);
119+exit_func:
120 gss_release_buffer(&minor_stat, &client_name);
121 gss_release_buffer(&minor_stat, &service_name);
122-exit_func:
123 free_server_handle(handle);
124 return &ret;
125 }
126@@ -570,10 +572,9 @@ generic_ret *
127 rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
128 {
129 static generic_ret ret;
130- char *prime_arg1,
131- *prime_arg2;
132- gss_buffer_desc client_name,
133- service_name;
134+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
135+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
136+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
137 OM_uint32 minor_stat;
138 kadm5_server_handle_t handle;
139 restriction_t *rp;
140@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
141 krb5_free_error_message(handle->context, errmsg);
142
143 }
144+exit_func:
145 free(prime_arg1);
146 free(prime_arg2);
147 gss_release_buffer(&minor_stat, &client_name);
148 gss_release_buffer(&minor_stat, &service_name);
149-exit_func:
150 free_server_handle(handle);
151 return &ret;
152 }
153@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
154 {
155 static gprinc_ret ret;
156 char *prime_arg, *funcname;
157- gss_buffer_desc client_name,
158- service_name;
159+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
160+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
161 OM_uint32 minor_stat;
162 kadm5_server_handle_t handle;
163 const char *errmsg = NULL;
164@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
165 krb5_free_error_message(handle->context, errmsg);
166 }
167 free(prime_arg);
168+exit_func:
169 gss_release_buffer(&minor_stat, &client_name);
170 gss_release_buffer(&minor_stat, &service_name);
171-exit_func:
172 free_server_handle(handle);
173 return &ret;
174 }
175@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
176 {
177 static gprincs_ret ret;
178 char *prime_arg;
179- gss_buffer_desc client_name,
180- service_name;
181+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
182+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
183 OM_uint32 minor_stat;
184 kadm5_server_handle_t handle;
185 const char *errmsg = NULL;
186@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
187 krb5_free_error_message(handle->context, errmsg);
188
189 }
190+exit_func:
191 gss_release_buffer(&minor_stat, &client_name);
192 gss_release_buffer(&minor_stat, &service_name);
193-exit_func:
194 free_server_handle(handle);
195 return &ret;
196 }
197@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
198 {
199 static generic_ret ret;
200 char *prime_arg;
201- gss_buffer_desc client_name,
202- service_name;
203+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
204+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
205 OM_uint32 minor_stat;
206 kadm5_server_handle_t handle;
207 const char *errmsg = NULL;
208@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
209 }
210
211 free(prime_arg);
212+exit_func:
213 gss_release_buffer(&minor_stat, &client_name);
214 gss_release_buffer(&minor_stat, &service_name);
215-exit_func:
216 free_server_handle(handle);
217 return &ret;
218 }
219@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
220 {
221 static generic_ret ret;
222 char *prime_arg;
223- gss_buffer_desc client_name,
224- service_name;
225+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
226+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
227 OM_uint32 minor_stat;
228 kadm5_server_handle_t handle;
229 const char *errmsg = NULL;
230@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
231 }
232
233 free(prime_arg);
234+exit_func:
235 gss_release_buffer(&minor_stat, &client_name);
236 gss_release_buffer(&minor_stat, &service_name);
237-exit_func:
238 free_server_handle(handle);
239 return &ret;
240 }
241@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
242 {
243 static generic_ret ret;
244 char *prime_arg;
245- gss_buffer_desc client_name,
246- service_name;
247+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
248+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
249 OM_uint32 minor_stat;
250 kadm5_server_handle_t handle;
251 const char *errmsg = NULL;
252@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
253 }
254
255 free(prime_arg);
256+exit_func:
257 gss_release_buffer(&minor_stat, &client_name);
258 gss_release_buffer(&minor_stat, &service_name);
259-exit_func:
260 free_server_handle(handle);
261 return &ret;
262 }
263@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
264 {
265 static generic_ret ret;
266 char *prime_arg;
267- gss_buffer_desc client_name,
268- service_name;
269+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
270+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
271 OM_uint32 minor_stat;
272 kadm5_server_handle_t handle;
273 const char *errmsg = NULL;
274@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
275 }
276
277 free(prime_arg);
278+exit_func:
279 gss_release_buffer(&minor_stat, &client_name);
280 gss_release_buffer(&minor_stat, &service_name);
281-exit_func:
282 free_server_handle(handle);
283 return &ret;
284 }
285@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
286 {
287 static generic_ret ret;
288 char *prime_arg;
289- gss_buffer_desc client_name,
290- service_name;
291+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
292+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
293 OM_uint32 minor_stat;
294 kadm5_server_handle_t handle;
295 const char *errmsg = NULL;
296@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
297 }
298
299 free(prime_arg);
300+exit_func:
301 gss_release_buffer(&minor_stat, &client_name);
302 gss_release_buffer(&minor_stat, &service_name);
303-exit_func:
304 free_server_handle(handle);
305 return &ret;
306 }
307@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
308 krb5_keyblock *k;
309 int nkeys;
310 char *prime_arg, *funcname;
311- gss_buffer_desc client_name,
312- service_name;
313+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
314+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
315 OM_uint32 minor_stat;
316 kadm5_server_handle_t handle;
317 const char *errmsg = NULL;
318@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
319 krb5_free_error_message(handle->context, errmsg);
320 }
321 free(prime_arg);
322+exit_func:
323 gss_release_buffer(&minor_stat, &client_name);
324 gss_release_buffer(&minor_stat, &service_name);
325-exit_func:
326 free_server_handle(handle);
327 return &ret;
328 }
329@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
330 krb5_keyblock *k;
331 int nkeys;
332 char *prime_arg, *funcname;
333- gss_buffer_desc client_name,
334- service_name;
335+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
336+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
337 OM_uint32 minor_stat;
338 kadm5_server_handle_t handle;
339 const char *errmsg = NULL;
340@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
341 krb5_free_error_message(handle->context, errmsg);
342 }
343 free(prime_arg);
344+exit_func:
345 gss_release_buffer(&minor_stat, &client_name);
346 gss_release_buffer(&minor_stat, &service_name);
347-exit_func:
348 free_server_handle(handle);
349 return &ret;
350 }
351@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
352 {
353 static generic_ret ret;
354 char *prime_arg;
355- gss_buffer_desc client_name,
356- service_name;
357+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
358+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
359 OM_uint32 minor_stat;
360 kadm5_server_handle_t handle;
361 const char *errmsg = NULL;
362@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
363 if (errmsg != NULL)
364 krb5_free_error_message(handle->context, errmsg);
365 }
366+exit_func:
367 gss_release_buffer(&minor_stat, &client_name);
368 gss_release_buffer(&minor_stat, &service_name);
369-exit_func:
370 free_server_handle(handle);
371 return &ret;
372 }
373@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
374 {
375 static generic_ret ret;
376 char *prime_arg;
377- gss_buffer_desc client_name,
378- service_name;
379+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
380+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
381 OM_uint32 minor_stat;
382 kadm5_server_handle_t handle;
383 const char *errmsg = NULL;
384@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
385 if (errmsg != NULL)
386 krb5_free_error_message(handle->context, errmsg);
387 }
388+exit_func:
389 gss_release_buffer(&minor_stat, &client_name);
390 gss_release_buffer(&minor_stat, &service_name);
391-exit_func:
392 free_server_handle(handle);
393 return &ret;
394 }
395@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
396 {
397 static generic_ret ret;
398 char *prime_arg;
399- gss_buffer_desc client_name,
400- service_name;
401+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
402+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
403 OM_uint32 minor_stat;
404 kadm5_server_handle_t handle;
405 const char *errmsg = NULL;
406@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
407 if (errmsg != NULL)
408 krb5_free_error_message(handle->context, errmsg);
409 }
410+exit_func:
411 gss_release_buffer(&minor_stat, &client_name);
412 gss_release_buffer(&minor_stat, &service_name);
413-exit_func:
414 free_server_handle(handle);
415 return &ret;
416 }
417@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
418 static gpol_ret ret;
419 kadm5_ret_t ret2;
420 char *prime_arg, *funcname;
421- gss_buffer_desc client_name,
422- service_name;
423+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
424+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
425 OM_uint32 minor_stat;
426 kadm5_principal_ent_rec caller_ent;
427 kadm5_server_handle_t handle;
428@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
429 log_unauth(funcname, prime_arg,
430 &client_name, &service_name, rqstp);
431 }
432+exit_func:
433 gss_release_buffer(&minor_stat, &client_name);
434 gss_release_buffer(&minor_stat, &service_name);
435-exit_func:
436 free_server_handle(handle);
437 return &ret;
438
439@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
440 {
441 static gpols_ret ret;
442 char *prime_arg;
443- gss_buffer_desc client_name,
444- service_name;
445+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
446+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
447 OM_uint32 minor_stat;
448 kadm5_server_handle_t handle;
449 const char *errmsg = NULL;
450@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
451 if (errmsg != NULL)
452 krb5_free_error_message(handle->context, errmsg);
453 }
454+exit_func:
455 gss_release_buffer(&minor_stat, &client_name);
456 gss_release_buffer(&minor_stat, &service_name);
457-exit_func:
458 free_server_handle(handle);
459 return &ret;
460 }
461@@ -1541,7 +1542,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
462 getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
463 {
464 static getprivs_ret ret;
465- gss_buffer_desc client_name, service_name;
466+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
467+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
468 OM_uint32 minor_stat;
469 kadm5_server_handle_t handle;
470 const char *errmsg = NULL;
471@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
472 if (errmsg != NULL)
473 krb5_free_error_message(handle->context, errmsg);
474
475+exit_func:
476 gss_release_buffer(&minor_stat, &client_name);
477 gss_release_buffer(&minor_stat, &service_name);
478-exit_func:
479 free_server_handle(handle);
480 return &ret;
481 }
482@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
483 {
484 static generic_ret ret;
485 char *prime_arg, *funcname;
486- gss_buffer_desc client_name, service_name;
487+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
488+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
489 OM_uint32 minor_stat;
490 kadm5_server_handle_t handle;
491
492@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
493 krb5_free_error_message(handle->context, errmsg);
494 }
495 free(prime_arg);
496+exit_func:
497 gss_release_buffer(&minor_stat, &client_name);
498 gss_release_buffer(&minor_stat, &service_name);
499-exit_func:
500 free_server_handle(handle);
501 return &ret;
502 }
503@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
504 {
505 static gstrings_ret ret;
506 char *prime_arg;
507- gss_buffer_desc client_name,
508- service_name;
509+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
510+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
511 OM_uint32 minor_stat;
512 kadm5_server_handle_t handle;
513 const char *errmsg = NULL;
514@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
515 krb5_free_error_message(handle->context, errmsg);
516 }
517 free(prime_arg);
518+exit_func:
519 gss_release_buffer(&minor_stat, &client_name);
520 gss_release_buffer(&minor_stat, &service_name);
521-exit_func:
522 free_server_handle(handle);
523 return &ret;
524 }
525@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
526 {
527 static generic_ret ret;
528 char *prime_arg;
529- gss_buffer_desc client_name,
530- service_name;
531+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
532+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
533 OM_uint32 minor_stat;
534 kadm5_server_handle_t handle;
535 const char *errmsg = NULL;
536@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
537 krb5_free_error_message(handle->context, errmsg);
538 }
539 free(prime_arg);
540+exit_func:
541 gss_release_buffer(&minor_stat, &client_name);
542 gss_release_buffer(&minor_stat, &service_name);
543-exit_func:
544 free_server_handle(handle);
545 return &ret;
546 }
547@@ -1754,8 +1757,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
548 generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
549 {
550 static generic_ret ret;
551- gss_buffer_desc client_name,
552- service_name;
553+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
554+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
555 kadm5_server_handle_t handle;
556 OM_uint32 minor_stat;
557 const char *errmsg = NULL;
558@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
559 rqstp->rq_cred.oa_flavor);
560 if (errmsg != NULL)
561 krb5_free_error_message(NULL, errmsg);
562- gss_release_buffer(&minor_stat, &client_name);
563- gss_release_buffer(&minor_stat, &service_name);
564
565 exit_func:
566+ gss_release_buffer(&minor_stat, &client_name);
567+ gss_release_buffer(&minor_stat, &service_name);
568 return(&ret);
569 }
570
© 2015 Mike Crute