- (djm) Avoid KrbV leak for MIT Kerberos

ChangeLog

@@ -72,6 +72,7 @@
    over usage of PAM. This allows non-root use of sshd when built with
    --with-pam
  - (djm) Die screaming if start_pam() is called when UsePAM=no
+ - (djm) Avoid KrbV leak for MIT Kerberos
 
 20030512
  - (djm) Redhat spec: Don't install profile.d scripts when not 
@@ -1459,4 +1460,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2695 2003/05/14 05:31:12 djm Exp $
+$Id: ChangeLog,v 1.2696 2003/05/14 09:23:56 djm Exp $

sshconnect2.c

@@ -1130,12 +1130,10 @@ userauth_hostbased(Authctxt *authctxt)
 
 #if KRB5
 static int
-ssh_krb5_helper(krb5_data *ap)
+ssh_krb5_helper(krb5_data *ap, krb5_context *context)
 {
 	krb5_context xcontext = NULL;	/* XXX share with ssh1 */
 	krb5_auth_context xauth_context = NULL;
-
-	krb5_context *context;
 	krb5_auth_context *auth_context;
 	krb5_error_code problem;
 	const char *tkfile;
@@ -1191,8 +1189,6 @@ ssh_krb5_helper(krb5_data *ap)
 		krb5_cc_close(*context, ccache);
 	if (*auth_context)
 		krb5_auth_con_free(*context, *auth_context);
-	if (*context)
-		krb5_free_context(*context);
 	return (ret);
 }
 
@@ -1200,9 +1196,11 @@ int
 userauth_kerberos(Authctxt *authctxt)
 {
 	krb5_data ap;
+	krb5_context *context;
+	int ret = 0;
 
-	if (ssh_krb5_helper(&ap) == 0)
-		return (0);
+	if (ssh_krb5_helper(&ap, context) == 0)
+		goto out;
 
 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
 	packet_put_cstring(authctxt->server_user);
@@ -1214,10 +1212,14 @@ userauth_kerberos(Authctxt *authctxt)
 #ifdef HEIMDAL
 	krb5_data_free(&ap);
 #else
-# warning "XXX - leaks ap data on MIT kerberos"
+	krb5_free_data_contents(*context, &ap);
 #endif
+	ret = 1;
 
-	return (1);
+out:
+	if (*context)
+		krb5_free_context(*context);
+	return ret;
 }
 #endif