Received: from ptb-relay02.plus.net (ptb-relay02.plus.net [212.159.14.213]) by krbdev.mit.edu (8.12.9) with ESMTP id l77N2XHW015786; Tue, 7 Aug 2007 19:02:33 -0400 (EDT) Received: from [81.174.172.105] (helo=laptop) by ptb-relay02.plus.net with smtp (Exim) id 1IIY4J-0003SJ-LX for rt-comment@krbdev.mit.edu; Wed, 08 Aug 2007 00:02:27 +0100 Message-ID: <0a1101c7d946$ff5f1cf0$0801a8c0@home> From: "Markus Moeller" To: References: Subject: Re: [krbdev.mit.edu #5629] gss_init_sec_context does not release output token buffer when used with spnego mech Date: Wed, 8 Aug 2007 00:02:14 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138 RT-Send-Cc: X-RT-Original-Encoding: iso-8859-1 Content-Length: 1581 Tom, yes that solves this one: ==9846== 1,282 bytes in 1 blocks are definitely lost in loss record 35 of 36 ==9846== at 0x40235B5: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==9846== by 0x4046673: make_ap_req_v1 (init_sec_context.c:320) ==9846== by 0x4046D74: new_connection (init_sec_context.c:561) ==9846== by 0x4047C95: krb5_gss_init_sec_context (init_sec_context.c:943) ==9846== by 0x404D080: k5glue_init_sec_context (krb5_gss_glue.c:675) ==9846== by 0x403473E: gss_init_sec_context (g_init_sec_context.c:211) ==9846== by 0x4052DA9: init_ctx_call_init (spnego_mech.c:687) ==9846== by 0x4052FF9: spnego_gss_init_sec_context (spnego_mech.c:801) ==9846== by 0x403473E: gss_init_sec_context (g_init_sec_context.c:211) Markus ----- Original Message ----- From: "Tom Yu via RT" To: Sent: Tuesday, August 07, 2007 9:15 PM Subject: Re: [krbdev.mit.edu #5629] gss_init_sec_context does not release output token buffer when used with spnego mech > Please try the following patch and let us know if it resolves the > output token buffer leak. > > Index: src/lib/gssapi/spnego/spnego_mech.c > =================================================================== > --- src/lib/gssapi/spnego/spnego_mech.c (revision 19756) > +++ src/lib/gssapi/spnego/spnego_mech.c (revision 19757) > @@ -835,6 +835,7 @@ > ret = GSS_S_FAILURE; > } > } > + gss_release_buffer(tmpmin, &mechtok_out); > if (ret == GSS_S_COMPLETE) { > /* > * Now, switch the output context to refer to the > > >