Skip to content
Permalink
Browse files

Fix multiple tl-data updates over iprop

krb5_dbe_update_tl_data() accepts a single read-only tl-data entry,
but ulog_conv_2dbentry() expects it to process a full list.  Fix
ulog_conv_2dbentry() to call krb5_db2_update_tl_data() on each entry
individually, simplifying its memory management in the process.

ticket: 6913
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24937 dc483132-0cff-0310-8789-dd5450dbe970
  • Loading branch information...
greghudson committed May 22, 2011
1 parent 723f909 commit 32d2c5270e03c3b3a12f39aecb27669a322eabf3
Showing with 8 additions and 35 deletions.
  1. +8 −35 src/lib/kdb/kdb_convert.c
@@ -585,7 +585,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
int i, j, cnt = 0, mod_time = 0, nattrs;
krb5_principal dbprinc;
char *dbprincstr = NULL;
krb5_tl_data *newtl = NULL;
krb5_tl_data newtl;
krb5_error_code ret;
unsigned int prev_n_keys = 0;
krb5_boolean is_add;
@@ -732,40 +732,13 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
break;

case AT_TL_DATA: {
int t;

cnt = u.av_tldata.av_tldata_len;
newtl = calloc(cnt, sizeof (krb5_tl_data));
if (newtl == NULL)
return (ENOMEM);

for (j = 0, t = 0; j < cnt; j++) {
newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
if (newtl[t].tl_data_contents == NULL)
/* XXX Memory leak: newtl
and previously
allocated elements. */
return (ENOMEM);

(void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
newtl[t].tl_data_next = NULL;
if (t > 0)
newtl[t - 1].tl_data_next = &newtl[t];
t++;
}

if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
return (ret);
for (j = 0; j < t; j++)
if (newtl[j].tl_data_contents) {
free(newtl[j].tl_data_contents);
newtl[j].tl_data_contents = NULL;
}
if (newtl) {
free(newtl);
newtl = NULL;
for (j = 0; j < (int)u.av_tldata.av_tldata_len; j++) {
newtl.tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
newtl.tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
newtl.tl_data_contents = (krb5_octet *)u.av_tldata.av_tldata_val[j].tl_data.tl_data_val;
newtl.tl_data_next = NULL;
if ((ret = krb5_dbe_update_tl_data(context, ent, &newtl)))
return (ret);
}
break;
/* END CSTYLED */

0 comments on commit 32d2c52

Please sign in to comment.
You can’t perform that action at this time.