From 5ad465bc8e0d957a4945218bea487b77622bf433 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 3 Jun 2022 14:30:42 -0400 Subject: [PATCH] Fix memory leak in OTP kdcpreauth module In otp_edata(), free the generated nonce. ticket: 9063 (new) tags: pullup target_version: 1.20-next target_version: 1.19-next --- src/plugins/preauth/otp/main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c index 119714f994..0e682aae58 100644 --- a/src/plugins/preauth/otp/main.c +++ b/src/plugins/preauth/otp/main.c @@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request, krb5_pa_otp_challenge chl; krb5_pa_data *pa = NULL; krb5_error_code retval; - krb5_data *encoding; + krb5_data *encoding, nonce = empty_data(); char *config; /* Determine if otp is enabled for the user. */ @@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request, ti.iteration_count = -1; /* Generate the nonce. */ - retval = nonce_generate(context, armor_key->length, &chl.nonce); + retval = nonce_generate(context, armor_key->length, &nonce); if (retval != 0) goto out; + chl.nonce = nonce; /* Build the output pa-data. */ retval = encode_krb5_pa_otp_challenge(&chl, &encoding); @@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request, free(encoding); out: + krb5_free_data_contents(context, &nonce); (*respond)(arg, retval, pa); }