- (djm) Avoid KrbV leak for MIT Kerberos

Damien Miller 2003-05-14 19:23:56 +10:00
parent 9d507dac1f
commit 4d99519535
2 changed files with 13 additions and 10 deletions


@ -72,6 +72,7 @@
over usage of PAM. This allows non-root use of sshd when built with over usage of PAM. This allows non-root use of sshd when built with
--with-pam --with-pam
- (djm) Die screaming if start_pam() is called when UsePAM=no - (djm) Die screaming if start_pam() is called when UsePAM=no
- (djm) Avoid KrbV leak for MIT Kerberos
20030512 20030512
- (djm) Redhat spec: Don't install profile.d scripts when not - (djm) Redhat spec: Don't install profile.d scripts when not
@ -1459,4 +1460,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2695 2003/05/14 05:31:12 djm Exp $ $Id: ChangeLog,v 1.2696 2003/05/14 09:23:56 djm Exp $


@ -1130,12 +1130,10 @@ userauth_hostbased(Authctxt *authctxt)
#if KRB5 #if KRB5
static int static int
ssh_krb5_helper(krb5_data *ap) ssh_krb5_helper(krb5_data *ap, krb5_context *context)
{ {
krb5_context xcontext = NULL; /* XXX share with ssh1 */ krb5_context xcontext = NULL; /* XXX share with ssh1 */
krb5_auth_context xauth_context = NULL; krb5_auth_context xauth_context = NULL;
krb5_context *context;
krb5_auth_context *auth_context; krb5_auth_context *auth_context;
krb5_error_code problem; krb5_error_code problem;
const char *tkfile; const char *tkfile;
@ -1191,8 +1189,6 @@ ssh_krb5_helper(krb5_data *ap)
krb5_cc_close(*context, ccache); krb5_cc_close(*context, ccache);
if (*auth_context) if (*auth_context)
krb5_auth_con_free(*context, *auth_context); krb5_auth_con_free(*context, *auth_context);
if (*context)
krb5_free_context(*context);
return (ret); return (ret);
} }
@ -1200,9 +1196,11 @@ int
userauth_kerberos(Authctxt *authctxt) userauth_kerberos(Authctxt *authctxt)
{ {
krb5_data ap; krb5_data ap;
krb5_context *context;
int ret = 0;
if (ssh_krb5_helper(&ap) == 0) if (ssh_krb5_helper(&ap, context) == 0)
return (0); goto out;
packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->server_user);
@ -1214,10 +1212,14 @@ userauth_kerberos(Authctxt *authctxt)
#ifdef HEIMDAL #ifdef HEIMDAL
krb5_data_free(&ap); krb5_data_free(&ap);
#else #else
# warning "XXX - leaks ap data on MIT kerberos" krb5_free_data_contents(*context, &ap);
#endif #endif
ret = 1;
return (1); out:
if (*context)
krb5_free_context(*context);
return ret;
} }
#endif #endif
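Review bot: In userauth_kerberos() the new `krb5_context *context;` is never initialised, yet it is passed by value to ssh_krb5_helper() and then dereferenced in `krb5_free_data_contents(*context, &ap)` and in `if (*context)` under `out:`, including on the early `goto out` failure path. Because the pointer is passed by value, nothing the helper does can make the caller's copy valid, so both dereferences read an indeterminate pointer (undefined behaviour, most likely a crash in the client's Kerberos authentication path). The helper still declares its own `krb5_context xcontext`; if its unseen body still points `context` at that local, the context it creates is now never freed either, since the `krb5_free_context` call was removed from the helper. I would own the handle in the caller, with `krb5_context context = NULL;`, `ssh_krb5_helper(&ap, &context)` and `if (context) krb5_free_context(context);`, and have the helper initialise through the parameter instead of `xcontext`. Most of ssh_krb5_helper's body and the middle of userauth_kerberos lie outside the hunks shown, so the helper-side part of this is inferred.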