From 1344a69c57f6c2b8e0588e4b18b1178bc596f190 Mon Sep 17 00:00:00 2001 From: Hartmut Reuter Date: Tue, 23 May 2006 17:29:11 +0000 Subject: [PATCH] rxkad-var-tkt-len-20060523 FIXES 31966 allocate memory for struct rxkad_cprivate based upon the actual ticket size not the max ticket size --- src/rxkad/private_data.h | 8 +++++--- src/rxkad/rxkad_client.c | 12 ++++++------ src/rxkad/rxkad_common.c | 5 +++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/rxkad/private_data.h b/src/rxkad/private_data.h index 9551dfe..8c4507b 100644 --- a/src/rxkad/private_data.h +++ b/src/rxkad/private_data.h @@ -48,15 +48,17 @@ struct rxkad_cidgen { afs_int32 ipAddr; /* or an approximation to it */ }; +#define PDATA_SIZE(l) (sizeof(struct rxkad_cprivate) - MAXKTCTICKETLEN + (l)) + /* private data in client-side security object */ struct rxkad_cprivate { afs_int32 kvno; /* key version of ticket */ - afs_int32 ticketLen; /* length of ticket */ + afs_int16 ticketLen; /* length of ticket */ + rxkad_type type; /* always client */ + rxkad_level level; /* minimum security level of client */ fc_KeySchedule keysched; /* the session key */ fc_InitializationVector ivec; /* initialization vector for cbc */ char ticket[MAXKTCTICKETLEN]; /* the ticket for the server */ - rxkad_type type; /* always client */ - rxkad_level level; /* minimum security level of client */ }; /* Per connection client-side info */ diff --git a/src/rxkad/rxkad_client.c b/src/rxkad/rxkad_client.c index 8db7dd0..1f83e2c 100644 --- a/src/rxkad/rxkad_client.c +++ b/src/rxkad/rxkad_client.c @@ -181,7 +181,7 @@ rxkad_NewClientSecurityObject(rxkad_level level, struct rx_securityClass *tsc; struct rxkad_cprivate *tcp; int code; - int size; + int size, psize; size = sizeof(struct rx_securityClass); tsc = (struct rx_securityClass *)rxi_Alloc(size); @@ -189,15 +189,15 @@ rxkad_NewClientSecurityObject(rxkad_level level, tsc->refCount = 1; /* caller gets one for free */ tsc->ops = &rxkad_client_ops; - size = sizeof(struct rxkad_cprivate); - tcp = (struct rxkad_cprivate *)rxi_Alloc(size); - memset((void *)tcp, 0, size); + psize = PDATA_SIZE(ticketLen); + tcp = (struct rxkad_cprivate *)rxi_Alloc(psize); + memset((void *)tcp, 0, psize); tsc->privateData = (char *)tcp; tcp->type |= rxkad_client; tcp->level = level; code = fc_keysched(sessionkey, tcp->keysched); if (code) { - rxi_Free(tcp, sizeof(struct rxkad_cprivate)); + rxi_Free(tcp, psize); rxi_Free(tsc, sizeof(struct rx_securityClass)); return 0; /* bad key */ } @@ -205,7 +205,7 @@ rxkad_NewClientSecurityObject(rxkad_level level, tcp->kvno = kvno; /* key version number */ tcp->ticketLen = ticketLen; /* length of ticket */ if (tcp->ticketLen > MAXKTCTICKETLEN) { - rxi_Free(tcp, sizeof(struct rxkad_cprivate)); + rxi_Free(tcp, psize); rxi_Free(tsc, sizeof(struct rx_securityClass)); return 0; /* bad key */ } diff --git a/src/rxkad/rxkad_common.c b/src/rxkad/rxkad_common.c index 624d820..d71cd33 100644 --- a/src/rxkad/rxkad_common.c +++ b/src/rxkad/rxkad_common.c @@ -68,7 +68,7 @@ RCSID #include #endif #endif - +#include #endif /* KERNEL */ #include @@ -311,7 +311,8 @@ FreeObject(struct rx_securityClass *aobj) tcp = (struct rxkad_cprivate *)aobj->privateData; rxi_Free(aobj, sizeof(struct rx_securityClass)); if (tcp->type & rxkad_client) { - rxi_Free(tcp, sizeof(struct rxkad_cprivate)); + afs_int32 psize = PDATA_SIZE(tcp->ticketLen); + rxi_Free(tcp, psize); } else if (tcp->type & rxkad_server) { rxi_Free(tcp, sizeof(struct rxkad_sprivate)); } else { -- 1.9.4