authorIsaac Boukris <iboukris@gmail.com>2020-01-26 21:49:47 +0100
committerGreg Hudson <ghudson@mit.edu>2020-01-28 10:59:32 -0500
commit4a2c5d259f5a7eda0f0f9028c061fcd032a72de0 (patch)
tree5fdad78a80b996d9d21a1b0752fd67931dac61c1 /src/kprop/kpropd.c
parenta5aa5969bc6ed404b86318b47c38dfc3d3aeb8df (diff)
Zero length fields when freeing object contents
In krb5_free_data_contents() and krb5_free_checksum_contents(), zero the length as well as the data pointer to leave the object in a valid state. Add asserts to existing test harnesses to verify the new behavior. In the krb5 GSS mech's kg_checksum_channel_bindings(), remove the code to reallocate the checksum with xmalloc(), as it relied on krb5_free_checksum_contents() leaving the object in an invalid state. This code was added in commit a30fb4c4400f13a2690df7ef910b7ac0ccbcf194 to match an xfree() call, but commit 29337e7c7b796685fb6a03466d32147e17aa2d16 replaced that xfree() with a krb5_free_checksum_contents(). (In addition, the xmalloc and xfree wrappers never evolved to do anything beyond malloc and free.) In kpropd's recv_database(), don't free outbuf until we are done using its length. [ghudson@mit.edu: rewrote commit message; edited doxygen comment changes to mention version] ticket: 8871 (new)
Diffstat (limited to 'src/kprop/kpropd.c')
-rw-r--r--src/kprop/kpropd.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c
index 5622d56e1..ab4a764aa 100644
--- a/src/kprop/kpropd.c
+++ b/src/kprop/kpropd.c
@@ -1412,7 +1412,6 @@ recv_database(krb5_context context, int fd, int database_fd,
}
n = write(database_fd, outbuf.data, outbuf.length);
krb5_free_data_contents(context, &inbuf);
- krb5_free_data_contents(context, &outbuf);
if (n < 0) {
snprintf(buf, sizeof(buf),
"while writing database block starting at offset %d",
@@ -1426,6 +1425,7 @@ recv_database(krb5_context context, int fd, int database_fd,
send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
}
received_size += outbuf.length;
+ krb5_free_data_contents(context, &outbuf);
}
/* OK, we've seen the entire file. Did we get too many bytes? */
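Review bot: The two write-error branches ahead of the moved free (the `n < 0` case in the previous hunk and the short-write case ending at the top of this one) only format a message and call send_error(). Nothing visible leaves the loop, so if send_error() returns, `received_size += outbuf.length;` counts a block that was not fully written, and the size check after the loop could then accept a truncated database file. Unless send_error() is known not to return, these branches should end the transfer, for example with `krb5_free_data_contents(context, &outbuf);` followed by `exit(1);` after each send_error() call. A one-line comment on the added free, `/* outbuf.length is still read above; free only after its last use. */`, would also keep the ordering from being reverted. recv_database's body starts and ends outside both hunks, so the behaviour of send_error() and the surrounding loop condition is inferred rather than seen.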