From krb5-bugs-incoming-bounces@PCH.mit.edu Thu Feb 28 16:36:44 2013
Date: Thu, 28 Feb 2013 15:38:37 -0500
Message-Id: <201302282038.r1SKcbAA002406@blade.bos.redhat.com>
To: krb5-bugs@mit.edu
Subject: memory leak in lookup_etypes_for_keytab()
From: nalin@redhat.com

>Submitter-Id: net
>Originator: https://bugzilla.redhat.com/show_bug.cgi?id=911110
>Organization:
>Confidential: no
>Synopsis: memory leak in lookup_etypes_for_keytab()
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.11.1
>Environment:
System: Linux blade.bos.redhat.com 3.7.9-201.fc18.x86_64 #1 SMP Mon Feb 18 21:07:56 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(), we don't free entries when we're finished examining them. Ensure that when krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we exit the current loop iteration.
>How-To-Repeat: Running 'kinit -k' under a memory profiler turns this up, provided there aren't any problems accessing the keytab. >Fix: --- src/lib/krb5/krb/gic_keytab.c +++ src/lib/krb5/krb/gic_keytab.c @@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, goto cleanup; if (!krb5_c_valid_enctype(entry.key.enctype)) - continue; + goto next_entry; if (!krb5_principal_compare(context, entry.principal, client)) - continue; + goto next_entry; /* Make sure our list is for the highest kvno found for client. */ if (entry.vno > max_kvno) { free(etypes); @@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, count = 0; max_kvno = entry.vno; } else if (entry.vno != max_kvno) - continue; + goto next_entry; /* Leave room for the terminator and possibly a second entry. */ p = realloc(etypes, (count + 3) * sizeof(*etypes)); if (p == NULL) { + krb5_free_keytab_entry_contents(context, &entry); ret = ENOMEM; goto cleanup; } @@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, entry.key.enctype == ENCTYPE_DES_CBC_MD4) etypes[count++] = ENCTYPE_DES_CBC_CRC; etypes[count] = 0; +next_entry: + krb5_free_keytab_entry_contents(context, &entry); } ret = 0;
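Review bot: In the @@ -110,9 hunk, replacing both `continue` statements with `goto next_entry` makes the fix depend on every later early exit in this loop remembering to use the label; a plain `continue` added in a future change would silently bring the leak back. Consider restructuring so that the code which touches etypes runs only when the entry passes the enctype and principal checks, leaving krb5_free_keytab_entry_contents(context, &entry) as the single unconditional last statement of the loop body, or move the per-entry checks into a small helper that returns whether the entry should be counted. The `goto cleanup;` shown as unchanged context just above these checks is not touched by the patch; the commit message should say whether entry can hold anything that needs freeing on that path.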
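Review bot: In the @@ -120,11 hunk, the realloc failure branch gets its own krb5_free_keytab_entry_contents(context, &entry) call before `goto cleanup`, so the entry is now released in two separate places that have to be kept in sync with each other. If the duplicate call stays, add a comment on that line saying why the common next_entry path cannot be used here (it falls through to the next loop iteration instead of leaving the loop with ret = ENOMEM). The third `continue` replaced in this hunk, after `else if (entry.vno != max_kvno)`, has the same fragility as the two in the previous hunk.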
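Review bot: The `next_entry:` label added in the @@ -136,6 hunk has no comment, and nothing in the loop states that the entry contents filled in by a successful krb5_kt_next_entry() are owned by this function and must be released on every iteration. Add a one-line comment above the label saying so, so that the reason for the `goto next_entry` jumps is visible where the free happens. The report says the leak shows up when running 'kinit -k' under a memory profiler; recording that check in the commit message, or adding it as a test, would let the fix be verified.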