RT/krbdev.mit.edu: Ticket #5686 NIM: BUG: LIB: khcint_remove_space() frees memory too soon resulting in potential invalid memory access

RT/krbdev.mit.edu: Ticket #5686 NIM: BUG: LIB: khcint_remove_space() frees memory too soon resulting in potential invalid memory access

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
5686

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	windows
Version_reported
Version_Fixed	1.6.3
Target_Version	1.6.3
Tags	pullup

Relationships

Depends on:

Depended on by:

Parents:

5691: (jaltman) Post KFW 3.2.1 Tracking Ticket [resolved]

Children:

Refers to:

Referred to by:

Dates

Created:	Fri Aug 24 10:47:35 2007
Starts:	Not set
Started:	Fri Aug 24 10:47:38 2007
Last Contact:	Fri Sep 28 19:39:02 2007
Due:	Not set
Updated:	Wed Oct 3 15:22:18 2007 by jaltman

People

Owner
jaltman
Requestors
jaltman@mit.edu
Cc

AdminCc

More about Jeffrey Altman

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

1527: krb5_rd_safe_basic() throws exception when sender_addr is NULL (new)
1809: Krb5 Telnet[d] improperly truncates 3DES keys to DES key (new)
2137: krb5_cc_get_principal prevents implementation of auto kinit dialogs in KfM/KfW (new)
2145: gss_release_buffer() too easily deallocates memory it should not (new)
2147: Debug output hooks need to be added to support Windows Help Desk (open)
2253: W2K+3 vs MIT RC4-HMAC based cross-realm trusts (open)
2536: Krb5 Admin Guide fails to document krb524 (new)
2547: Add support for kpasswd/TCP to kadmind (open)
2596: src/krb524/README out of date (new)
2602: Don't reject renewable of non-renewable tickets (new)
2636: replace all calls to getenv()/setenv() with Get/SetEnvironmentVariable on Windows (open)
2640: krb5_cc_default() blocks for two minutes when MSLSA and Logon Server Unavailable (open)
2736: recode krb5_get_credentials to work without a ccache (new)
3112: telnet does not build on Fedora Core 4 (new)
4157: Windows README is out of date (new)
4325: src/include/krb5_err.h needs to be updated to match RFC4120 (new)
4328: Implement new krb5_get_credentials option: KRB5_GC_REPLACE (open)
4740: cccursor backend for MSLSA (new)
5501: Vista UAC impact on Windows Installer requires modifications to admin privilege test (open)
5536: Build Script Fails to build KFW (open)
5543: Build Scripts fail to package with "beta" version (new)
5714: Build Script - Update for 64-bit Windows build (open)
5718: NIM: BUG: APP: Configuration Identity Panel Apply Button (open)
5720: NIM: BUG: APP: Create command-line request queue (open)
5721: NIM: BUG: KRB5: Identity validation can succeed without prompts (open)

History

Display mode: [Brief headers] [Full headers]

Fri Aug 24 10:47:35 2007	jaltman - Ticket created
From: jaltman@mit.edu Subject: SVN Commit The Network Identity Manager Configuration Provider module keeps track of the application and plug-in configuration settings organized into configuration spaces. The state of each configuration space is maintained in a reference counted object. Once all the references are released, the Configuration Provider will attempt to free the resources allocated for the object. If the configuration space was marked for deletion, then the registry keys associated with the object need to be deleted when the object is being discarded. Due to a coding error, the memory allocated for the object would be freed before the associated registry keys were deleted. This could result in a memory access error. The patch corrects the code in khcint_remove_space() to free the allocated memory after all the remaining clean-up steps have been performed. Commit By: jaltman Revision: 19865 Changed Files: U trunk/src/windows/identity/kconfig/api.c		Download (untitled) 944b
Fri Aug 24 10:47:37 2007	jaltman - Requestor jaltman@mit.edu added
Fri Aug 24 10:47:38 2007	jaltman - Status changed from new to resolved
Fri Aug 24 10:47:38 2007	jaltman - Component windows added
Fri Sep 28 17:20:48 2007	jaltman - Target_Version 1.6.4 added
Fri Sep 28 17:20:48 2007	jaltman - Tags pullup added
Fri Sep 28 18:19:58 2007	tlyu - Target_Version 1.6.4 changed to 1.6.3
Fri Sep 28 19:38:59 2007	tlyu - Version_Fixed 1.6.3 added
Fri Sep 28 19:38:59 2007	tlyu - Correspondence added
From: tlyu@mit.edu Subject: SVN Commit pull up r19865 from trunk r19865@cathode-dark-space: jaltman \| 2007-08-24 10:47:30 -0400 ticket: new subject: NIM: khcint_remove_space() frees memory too soon component: windows The Network Identity Manager Configuration Provider module keeps track of the application and plug-in configuration settings organized into configuration spaces. The state of each configuration space is maintained in a reference counted object. Once all the references are released, the Configuration Provider will attempt to free the resources allocated for the object. If the configuration space was marked for deletion, then the registry keys associated with the object need to be deleted when the object is being discarded. Due to a coding error, the memory allocated for the object would be freed before the associated registry keys were deleted. This could result in a memory access error. The patch corrects the code in khcint_remove_space() to free the allocated memory after all the remaining clean-up steps have been performed. Commit By: tlyu Revision: 20000 Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/windows/identity/kconfig/api.c		Download (untitled) 1.1k
Wed Oct 3 15:22:02 2007	jaltman - Subject changed from NIM: khcint_remove_space() frees memory too soon to NIM: BUG: LIB: khcint_remove_space() frees memory too soon resulting in potention invalid memory access
Wed Oct 3 15:22:18 2007	jaltman - Subject changed from NIM: BUG: LIB: khcint_remove_space() frees memory too soon resulting in potention invalid memory access to NIM: BUG: LIB: khcint_remove_space() frees memory too soon resulting in potential invalid memory access