Ticket #2725: memory leak in mk_req_extended() due to an overwrite of the auth context keyblock
The Basics
Id: 2725
Status: resolved
Worked: 0 min
Priority: 0/0
Queue: krb5

Keyword Selections
Component: krb5-libs
Tags:
Version_reported:
Version_Fixed: 1.4
Target_Version: 1.4

 Dates  
Created: Fri Sep 24 10:37:37 2004
Starts: Not set
Started: Tue Oct 26 19:01:22 2004
Last Contact: Tue Oct 26 19:01:25 2004
Due: Not set
Updated: Mon Nov 15 22:22:24 2004 by tlyu
 

People
Owner: tlyu
Requestors: schommer@gmail.com
Cc: hartmans@mit.edu
AdminCc:

History
      Fri Sep 24 10:37:39 2004  guest - Ticket created    
     
Subject: memory leak in mk_req_extended() due to an overwrite of the auth
Cc: hartmans@mit.edu

Here is the valgrind output:

==28256== 16 bytes in 1 blocks are definitely lost in loss record 3 of 19
==28256==    at 0x1B902A90: malloc (vg_replace_malloc.c:131)
==28256==    by 0x13C9F8: krb5_copy_keyblock (in /usr/lib/libkrb5.so.3.2)
==28256==    by 0x13975C: krb5_auth_con_setuseruserkey (in /usr/lib/libkrb5.so.3.2)

If you call krb5_auth_con_setuseruserkey() and then later call
krb5_mk_req_extended() it will overwrite the user key w/o freeing the
prior.  See line 142 of mk_req_ext.c and you'll notice that it does a
copy_keyblock over the key I set with setuseruserkey() without doing an
if( auth_ctx->keyblock ) krb_free_keyblock( auth_ctx->keyblock) first.

The work around I have right now, although poor, is to expose struct
_krb5_auth_context into my application space (taken from a krblib source
file) and call krb5_free_keyblock( ctx, authCtx->keyblock) before calling
krb5_mk_req_extended()

I believe that any calls that allocate a keyblock for auth_context will
end up leaking if the user calls krb5_mk_req_extended(), but in my
particular case I had called krb5_auth_con_setuseruserkey() to make it
happen.


(BTW: I sent a bug with the krb5-send-pr utility but I may have done it
wrong or something, because it's been a day and I've not seen it show up
in my mail.)


      Fri Sep 24 12:04:32 2004  tlyu - Correspondence added    
     
Subject: missing bug report

[guest - Fri Sep 24 10:37:39 2004]:

> (BTW: I sent a bug with the krb5-send-pr utility but I may have done it
> wrong or something, because it's been a day and I've not seen it show up
> in my mail.)

I don't think it has shown up yet.  Do your outbound mail logs show it being sent?
You could file the bug via the web interface; I'll just merge them if there ends up
being duplication.


      Fri Sep 24 13:05:42 2004  schommer@gmail.com - Comments added    
     
Date: Fri, 24 Sep 2004 13:05:34 -0400
From: Derrick Schommer <schommer@gmail.com>
To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2725] missing bug report
RT-Send-Cc: 

I posted it in the web interface.  Unfortunately I don't control the
outbound e-mail so I'm not sure if it was rejected or not.  Probably
was.


On Fri, 24 Sep 2004 12:04:34 -0400 (EDT), Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:
> [guest - Fri Sep 24 10:37:39 2004]:
>
> > (BTW: I sent a bug with the krb5-send-pr utility but I may have done it
> > wrong or something, because it's been a day and I've not seen it show up
> > in my mail.)
>
> I don't think it has shown up yet.  Do your outbound mail logs show it being sent?
> You could file the bug via the web interface; I'll just merge them if there ends up
> being duplication.
>


      Mon Oct 18 17:17:06 2004  hartmans - Target_Version 1.4 added    
      Tue Oct 26 19:01:22 2004  tlyu - Status changed from new to resolved    
      Tue Oct 26 19:01:22 2004  tlyu - Given to tlyu    
      Tue Oct 26 19:01:23 2004  tlyu - Component krb5-libs added    
      Tue Oct 26 19:01:23 2004  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: CVS Commit

	* mk_req_ext.c (krb5_mk_req_extended): Free keyblock before
	copying new one in.


To generate a diff of this commit:



	cvs diff -r5.454 -r5.455 krb5/src/lib/krb5/krb/ChangeLog
	cvs diff -r5.76 -r5.77 krb5/src/lib/krb5/krb/mk_req_ext.c


      Mon Nov 15 22:22:23 2004  tlyu - Version_Fixed 1.4 added
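
The overwrite described in the report and the free-before-copy fix named in the commit message, reduced to a self-contained C model. This is an added example, not MIT krb5 source: every `toy_*` name, the fixed 16-byte key struct and the `live_allocs` counter are hypothetical stand-ins for the real keyblock and auth context.

```c
#include <stdio.h>
#include <stdlib.h>

typedef struct { unsigned char contents[16]; } toy_keyblock;   /* hypothetical keyblock */
typedef struct { toy_keyblock *keyblock; } toy_auth_context;    /* hypothetical auth context */
static int live_allocs;            /* keyblocks allocated and not yet freed */

static int toy_copy_keyblock(const toy_keyblock *from, toy_keyblock **to) {
    toy_keyblock *kb = malloc(sizeof *kb);
    if (kb == NULL) return -1;
    *kb = *from;
    *to = kb;                      /* overwrites whatever *to pointed at */
    live_allocs++;
    return 0;
}

static void toy_free_keyblock(toy_keyblock *kb) {
    if (kb != NULL) { free(kb); live_allocs--; }
}

/* Reported behaviour: copy over ac->keyblock, dropping the only pointer to the old key. */
static int toy_mk_req_leaky(toy_auth_context *ac, const toy_keyblock *session) {
    return toy_copy_keyblock(session, &ac->keyblock);
}

/* Behaviour the commit message describes: free the keyblock, then copy the new one in. */
static int toy_mk_req_fixed(toy_auth_context *ac, const toy_keyblock *session) {
    toy_free_keyblock(ac->keyblock);
    ac->keyblock = NULL;           /* no dangling pointer if the copy fails */
    return toy_copy_keyblock(session, &ac->keyblock);
}

/* Set a user key, build a request, tear down; returns keyblocks still allocated. */
static int leaked_after(int (*mk_req)(toy_auth_context *, const toy_keyblock *)) {
    toy_keyblock user = {{1}}, session = {{2}};   /* constructed key bytes */
    toy_auth_context ac = { NULL };
    live_allocs = 0;
    if (toy_copy_keyblock(&user, &ac.keyblock) != 0) return -1;
    toy_keyblock *first = ac.keyblock;            /* remembered only so the demo can clean up */
    if (mk_req(&ac, &session) != 0) return -1;
    toy_free_keyblock(ac.keyblock);               /* teardown frees only the current key */
    int lost = live_allocs;
    if (lost > 0) free(first);                    /* release the orphan the leaky path left */
    return lost;
}

int main(void) {
    printf("leaky: %d lost, fixed: %d lost\n",
           leaked_after(toy_mk_req_leaky), leaked_after(toy_mk_req_fixed));
    return 0;
}
```

The single lost block in the leaky path corresponds to the one "definitely lost" block in the valgrind trace: the auth context's teardown can only free the keyblock it still points to.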