Subject: memory leak in mk_req_extended() due to an overwrite of the auth
Cc: hartmans@mit.edu

Here is the valgrind output:

==28256== 16 bytes in 1 blocks are definitely lost in loss record 3 of 19
==28256==    at 0x1B902A90: malloc (vg_replace_malloc.c:131)
==28256==    by 0x13C9F8: krb5_copy_keyblock (in /usr/lib/libkrb5.so.3.2)
==28256==    by 0x13975C: krb5_auth_con_setuseruserkey (in
/usr/lib/libkrb5.so.3.2)

If you call krb5_auth_con_setuseruserkey() and then later call
krb5_mk_req_extended() it will overwrite the user key w/o freeing the
prior.  See line 142 of mk_req_ext.c and you'll notice that it does a
copy_keyblock over the key I set with setuseruserkey() without doing an
if( auth_ctx->keyblock ) krb_free_keyblock( auth_ctx->keyblock) first.

The work around I have right now, although poor, is to expose struct
_krb5_auth_context into my application space (taken from a krblib source
file) and call krb5_free_keybock( ctx, authCtx->keyblock) before calling
krb5_mk_req_extended()

I believe that any calls that allocate a keyblock for auth_context will
end up leaking if the user calls krb5_mk_req_extended(), but in my
particular case I had called krb5_auth_con_setuseruserkey() to make it
happen.


(BTW: I send a bug with the krb5-send-pr utility but I may have done it
wrong or something, because its been a day and I've not seen it show up
in my mail.)

Subject: missing bug report

[guest - Fri Sep 24 10:37:39 2004]:

> (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> wrong or something, because its been a day and I've not seen it show up
> in my mail.)

I don't think it has shown up yet.  Do your outbound mail logs show it being sent?
You could
file the bug via the web interface; I'll just merge them if there ends up being
duplication.

Date: Fri, 24 Sep 2004 13:05:34 -0400
From: Derrick Schommer <schommer@gmail.com>
To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2725] missing bug report
RT-Send-Cc: 

I posted it in the web interface.  Unfortunately I don't control the
outbound e-mail so I'm not sure if it was reject or not.  Probably
was.


On Fri, 24 Sep 2004 12:04:34 -0400 (EDT), Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:
> [guest - Fri Sep 24 10:37:39 2004]:
>
> > (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> > wrong or something, because its been a day and I've not seen it show up
> > in my mail.)
>
> I don't think it has shown up yet.  Do your outbound mail logs show it being sent?
You could
> file the bug via the web interface; I'll just merge them if there ends up being
duplication.
>

Date: Fri, 24 Sep 2004 13:05:34 -0400
From: Derrick Schommer <schommer@gmail.com>
To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2725] missing bug report
RT-Send-Cc: 

I posted it in the web interface.  Unfortunately I don't control the
outbound e-mail so I'm not sure if it was reject or not.  Probably
was.


On Fri, 24 Sep 2004 12:04:34 -0400 (EDT), Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:
> [guest - Fri Sep 24 10:37:39 2004]:
>
> > (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> > wrong or something, because its been a day and I've not seen it show up
> > in my mail.)
>
> I don't think it has shown up yet.  Do your outbound mail logs show it being sent?
You could
> file the bug via the web interface; I'll just merge them if there ends up being
duplication.
>

From: tlyu@mit.edu
Subject: CVS Commit

	* mk_req_ext.c (krb5_mk_req_extended): Free keyblock before
	copying new one in.


To generate a diff of this commit:



	cvs diff -r5.454 -r5.455 krb5/src/lib/krb5/krb/ChangeLog
	cvs diff -r5.76 -r5.77 krb5/src/lib/krb5/krb/mk_req_ext.c