Fix potential leaks in delete_context
authorSimo Sorce <simo@redhat.com>
Mon, 16 Dec 2013 01:09:56 +0000 (20:09 -0500)
committerSimo Sorce <simo@redhat.com>
Mon, 16 Dec 2013 01:44:09 +0000 (20:44 -0500)
Free RC4 state if any
Free workstation string if any

Also make sure to safely zero the struct before freeing to avoid leaking any
key material.

src/gss_sec_ctx.c

index 4ed1b1929f1fa71c16754ff951db36e922196ec7..9203939f5cd42fb5a7c7a85d7a955ae99dfa4340 100644 (file)
@@ -627,6 +627,8 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
 
     ctx = (struct gssntlm_ctx *)*context_handle;
 
+    safefree(ctx->workstation);
+
     ret = ntlm_free_ctx(&ctx->ntlm);
 
     safefree(ctx->nego_msg.data);
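Review bot: The heap buffers released in this hunk (`ctx->workstation`, `ctx->nego_msg.data`) are freed without being wiped, and the struct-wide `safezero` added later in the function only clears the inline fields of `struct gssntlm_ctx`, not the memory those pointers refer to. The definition of `safefree` is not visible here, so this applies only if it is a plain free-and-NULL helper. If any of these buffers can hold secret-derived data (the stored NTLM messages are the likely candidates), zero each one over its recorded length before the `safefree`. Otherwise a short comment such as `/* message buffers carry no key material; freed without wiping */` would record the decision. The function body starts above and continues below this hunk.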
@@ -639,6 +641,10 @@ uint32_t gssntlm_delete_sec_context(uint32_t *minor_status,
     gssntlm_int_release_name(&ctx->source_name);
     gssntlm_int_release_name(&ctx->target_name);
 
+    RC4_FREE(&ctx->send.seal_handle);
+    RC4_FREE(&ctx->recv.seal_handle);
+
+    safezero(*context_handle, sizeof(struct gssntlm_ctx));
     safefree(*context_handle);
 
     if (ret) {
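Review bot: The two `RC4_FREE` calls release cipher state that is derived from the sealing keys, and nothing in this hunk shows whether the macro clears that state before freeing it. If it does not, the key stream state stays in freed heap memory even though the context struct itself is wiped on the next line. Confirm that `RC4_FREE` zeroes the handle, and that it tolerates a handle that was never allocated, since the commit message says "if any". As a smaller style point, `safezero(*context_handle, sizeof(struct gssntlm_ctx));` could use the already-cast pointer, `safezero(ctx, sizeof(*ctx));` (with whatever cast the prototype of `safezero` requires), so the size always follows the pointer's type. The function continues past the end of this hunk.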