Index: src/clients/klist/klist.c =================================================================== RCS file: /cvs/krbdev/krb5/src/clients/klist/klist.c,v retrieving revision 5.63 diff -c -r5.63 klist.c *** src/clients/klist/klist.c 11 Apr 2002 03:21:46 -0000 5.63 --- src/clients/klist/klist.c 23 Aug 2004 03:43:45 -0000 *************** *** 614,619 **** --- 614,622 ---- if (show_etype) { retval = krb5_decode_ticket(&cred->ticket, &tkt); + if (retval) + goto err_tkt; + if (!extra_field) fputs("\t",stdout); else *************** *** 622,629 **** etype_string(cred->keyblock.enctype)); printf("%s ", etype_string(tkt->enc_part.enctype)); - krb5_free_ticket(kcontext, tkt); extra_field++; } /* if any additional info was printed, extra_field is non-zero */ --- 625,635 ---- etype_string(cred->keyblock.enctype)); printf("%s ", etype_string(tkt->enc_part.enctype)); extra_field++; + + err_tkt: + if (tkt != NULL) + krb5_free_ticket(kcontext, tkt); } /* if any additional info was printed, extra_field is non-zero */ Index: src/krb524/krb524d.c =================================================================== RCS file: /cvs/krbdev/krb5/src/krb524/krb524d.c,v retrieving revision 1.55.2.3 diff -c -r1.55.2.3 krb524d.c *** src/krb524/krb524d.c 28 May 2003 04:06:31 -0000 1.55.2.3 --- src/krb524/krb524d.c 23 Aug 2004 03:43:46 -0000 *************** *** 582,589 **** printf("v4 credentials encoded\n"); error: ! if (v5tkt->enc_part2) krb5_free_enc_tkt_part(context, v5tkt->enc_part2); if(v5_service_key.contents) krb5_free_keyblock_contents(context, &v5_service_key); --- 582,591 ---- printf("v4 credentials encoded\n"); error: ! if (v5tkt->enc_part2) { krb5_free_enc_tkt_part(context, v5tkt->enc_part2); + v5tkt->enc_part2 = NULL; + } if(v5_service_key.contents) krb5_free_keyblock_contents(context, &v5_service_key); Index: src/lib/krb5/asn.1/asn1buf.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v retrieving revision 5.24 diff -c -r5.24 asn1buf.c *** src/lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24 --- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000 *************** *** 255,260 **** --- 255,261 ---- (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char)); if ((*code)->data == NULL) { free(*code); + *code = NULL; return ENOMEM; } for(i=0; i < (*code)->length; i++) Index: src/lib/krb5/asn.1/krb5_decode.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/krb5_decode.c,v retrieving revision 5.40.2.4 diff -c -r5.40.2.4 krb5_decode.c *** src/lib/krb5/asn.1/krb5_decode.c 22 Jul 2003 23:47:39 -0000 5.40.2.4 --- src/lib/krb5/asn.1/krb5_decode.c 23 Aug 2004 03:43:47 -0000 *************** *** 181,188 **** #define cleanup(cleanup_routine)\ return 0; \ error_out: \ ! if (rep && *rep) \ cleanup_routine(*rep); \ return retval; #define cleanup_none()\ --- 181,190 ---- #define cleanup(cleanup_routine)\ return 0; \ error_out: \ ! if (rep && *rep) { \ cleanup_routine(*rep); \ + *rep = NULL; \ + } \ return retval; #define cleanup_none()\ *************** *** 231,236 **** --- 233,239 ---- free_field(*rep,checksum); free_field(*rep,client); free(*rep); + *rep = NULL; } return retval; } *************** *** 252,258 **** { begin_structure(); { krb5_kvno kvno; get_field(kvno,0,asn1_decode_kvno); ! if(kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } alloc_field((*rep)->server,krb5_principal_data); get_field((*rep)->server,1,asn1_decode_realm); --- 255,261 ---- { begin_structure(); { krb5_kvno kvno; get_field(kvno,0,asn1_decode_kvno); ! if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } alloc_field((*rep)->server,krb5_principal_data); get_field((*rep)->server,1,asn1_decode_realm); *************** *** 266,271 **** --- 269,275 ---- if (rep && *rep) { free_field(*rep,server); free(*rep); + *rep = NULL; } return retval; } *************** *** 318,323 **** --- 322,328 ---- free_field(*rep,session); free_field(*rep,client); free(*rep); + *rep = NULL; } return retval; } *************** *** 401,406 **** --- 406,412 ---- if (rep && *rep) { free_field(*rep,ticket); free(*rep); + *rep = NULL; } return retval; } *************** *** 449,454 **** --- 455,461 ---- if (rep && *rep) { free_field(*rep,subkey); free(*rep); + *rep = NULL; } return retval; } *************** *** 522,527 **** --- 529,535 ---- if (rep && *rep) { free_field(*rep,checksum); free(*rep); + *rep = NULL; } return retval; } *************** *** 575,580 **** --- 583,589 ---- free_field(*rep,r_address); free_field(*rep,s_address); free(*rep); + *rep = NULL; } return retval; } *************** *** 629,634 **** --- 638,644 ---- free_field(*rep,r_address); free_field(*rep,s_address); free(*rep); + *rep = NULL; } return retval; } *************** *** 674,679 **** --- 684,690 ---- free_field(*rep,server); free_field(*rep,client); free(*rep); + *rep = NULL; } return retval; } Index: src/lib/krb5/krb/rd_cred.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_cred.c,v retrieving revision 5.41.2.1 diff -c -r5.41.2.1 rd_cred.c *** src/lib/krb5/krb/rd_cred.c 12 May 2003 22:20:23 -0000 5.41.2.1 --- src/lib/krb5/krb/rd_cred.c 23 Aug 2004 03:43:47 -0000 *************** *** 33,47 **** /* now decode the decrypted stuff */ if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart))) ! goto cleanup_encpart; *pcredenc = *ppart; retval = 0; - cleanup_encpart: - memset(ppart, 0, sizeof(*ppart)); - krb5_xfree(ppart); - cleanup: memset(scratch.data, 0, scratch.length); krb5_xfree(scratch.data); --- 33,43 ---- /* now decode the decrypted stuff */ if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart))) ! goto cleanup; *pcredenc = *ppart; retval = 0; cleanup: memset(scratch.data, 0, scratch.length); krb5_xfree(scratch.data); Index: src/lib/krb5/krb/rd_rep.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_rep.c,v retrieving revision 5.33.2.2 diff -c -r5.33.2.2 rd_rep.c *** src/lib/krb5/krb/rd_rep.c 14 Jun 2003 00:09:47 -0000 5.33.2.2 --- src/lib/krb5/krb/rd_rep.c 23 Aug 2004 03:43:47 -0000 *************** *** 71,76 **** --- 71,78 ---- /* now decode the decrypted stuff */ retval = decode_krb5_ap_rep_enc_part(&scratch, repl); + if (retval) + goto clean_scratch; /* Check reply fields */ if (((*repl)->ctime != auth_context->authentp->ctime) || Index: src/lib/krb5/krb/send_tgs.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/send_tgs.c,v retrieving revision 5.55 diff -c -r5.55 send_tgs.c *** src/lib/krb5/krb/send_tgs.c 12 Jan 2003 18:02:03 -0000 5.55 --- src/lib/krb5/krb/send_tgs.c 23 Aug 2004 03:43:47 -0000 *************** *** 269,274 **** --- 269,276 ---- if (!tcp_only) { krb5_error *err_reply; retval = decode_krb5_error(&rep->response, &err_reply); + if (retval) + goto send_tgs_error_3; if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) { tcp_only = 1; krb5_free_error(context, err_reply); *************** *** 277,282 **** --- 279,286 ---- goto send_again; } krb5_free_error(context, err_reply); + send_tgs_error_3: + ; } } else if (krb5_is_tgs_rep(&rep->response)) rep->message_type = KRB5_TGS_REP;