From 146b4982757c97b00baf9a4336095d5921f6fe90 Mon Sep 17 00:00:00 2001
From: yanshuai01 <yanshuai01@kylinos.cn>
Date: Fri, 12 Jul 2024 16:04:27 +0800
Subject: [PATCH] Fix memory leak in OTP kdcpreauth module

---
 ...memory-leak-in-OTP-kdcpreauth-module.patch | 52 +++++++++++++++++++
 krb5.spec                                     |  6 ++-
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 Fix-memory-leak-in-OTP-kdcpreauth-module.patch

diff --git a/Fix-memory-leak-in-OTP-kdcpreauth-module.patch b/Fix-memory-leak-in-OTP-kdcpreauth-module.patch
new file mode 100644
index 0000000..576f0ba
--- /dev/null
+++ b/Fix-memory-leak-in-OTP-kdcpreauth-module.patch
@@ -0,0 +1,52 @@
+From 1166f1404c47af54f3d5b2533bb001fdadf6aadc Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 3 Jun 2022 14:30:42 -0400
+Subject: [PATCH] Fix memory leak in OTP kdcpreauth module
+
+In otp_edata(), free the generated nonce.
+
+(cherry picked from commit 5ad465bc8e0d957a4945218bea487b77622bf433)
+
+ticket: 9063
+version_fixed: 1.20.1
+
+---
+ src/plugins/preauth/otp/main.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
+index a1b6816..f4eedbe 100644
+--- a/src/plugins/preauth/otp/main.c
++++ b/src/plugins/preauth/otp/main.c
+@@ -211,7 +211,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
+     krb5_pa_otp_challenge chl;
+     krb5_pa_data *pa = NULL;
+     krb5_error_code retval;
+-    krb5_data *encoding;
++    krb5_data *encoding, nonce = empty_data();
+     char *config;
+ 
+     /* Determine if otp is enabled for the user. */
+@@ -239,9 +239,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
+     ti.iteration_count = -1;
+ 
+     /* Generate the nonce. */
+-    retval = nonce_generate(context, armor_key->length, &chl.nonce);
++    retval = nonce_generate(context, armor_key->length, &nonce);
+     if (retval != 0)
+         goto out;
++    chl.nonce = nonce;
+ 
+     /* Build the output pa-data. */
+     retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
+@@ -258,6 +259,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
+     free(encoding);
+ 
+ out:
++    krb5_free_data_contents(context, &nonce);
+     (*respond)(arg, retval, pa);
+ }
+ 
+-- 
+2.27.0
+
diff --git a/krb5.spec b/krb5.spec
index d8ff643..2039802 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -3,7 +3,7 @@
 
 Name:     krb5
 Version:  1.19.2
-Release:  17
+Release:  18
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@@ -55,6 +55,7 @@ Patch31: backport-Fix-Python-regexp-literals.patch
 Patch32: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch
 Patch33: backport-Add-a-simple-DER-support-header.patch
 Patch34: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
+Patch35: Fix-memory-leak-in-OTP-kdcpreauth-module.patch
 
 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -347,6 +348,9 @@ make -C src check || :
 
 
 %changelog
+* Fri Jul 12 2024 yanshuai <yanshuai01@kylinos.cn> - 1.19.2-18
+- Fix memory leak in OTP kdcpreauth module
+
 * Thu Jul 4 2024 xuraoqing <xuraoqing@huawei.com> - 1.19.2-17
 - backport patches to fix bugs and CVE-2024-37370 CVE-2024-37371
 
-- 
Gitee