From: Julien Chaffraix
Date: Thu, 7 Oct 2010 10:12:11 -0700
Subject: memory leak in kg_new_connection
To: krb5-bugs@mit.edu

>Submitter-Id: net
>Originator: Julien Chaffraix
>Organization: Individual
>Confidential: no
>Synopsis: memory leak in kg_new_connection
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.9-prerelease
>Environment:
System: Linux squirrel 2.6.32-25-generic #44-Ubuntu SMP Fri Sep 17 20:26:08 UTC 2010 i686 GNU/Linux
>Description:
(Note: this is a resend as krb5-send-pr does not seem to be working on my machine)

The function kg_new_connection calls get_credential, which allocates a krb5_creds structure and stores it in |k_cred|. The successful path - the two early returns at the end of the function - does not free this memory.
>How-To-Repeat:
Make kg_new_connection return GSS_S_CONTINUE_NEEDED or GSS_S_COMPLETE. I don't have a reduced test case for that.
>Fix:
The following patch fixes the leak:

Index: src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/init_sec_context.c (revision 24355)
+++ src/lib/gssapi/krb5/init_sec_context.c (working copy)
@@ -694,10 +694,10 @@ /* return successfully */ - *minor_status = 0; if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) { ctx->established = 0; - return(GSS_S_CONTINUE_NEEDED); + major_status = GSS_S_CONTINUE_NEEDED; + goto cleanup; } else { ctx->seq_recv = ctx->seq_send; g_order_init(&(ctx->seqstate), ctx->seq_recv, @@ -705,11 +705,11 @@ (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto); ctx->gss_flags |= GSS_C_PROT_READY_FLAG; ctx->established = 1; - return(GSS_S_COMPLETE); + major_status = GSS_S_COMPLETE; + goto cleanup; } fail: - krb5_free_creds(context, k_cred); if (ctx_free) { if (ctx_free->auth_context) krb5_auth_con_free(context, ctx_free->auth_context); @@ -723,7 +723,9 @@ } else (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); +cleanup: *minor_status = code; + krb5_free_creds(context, k_cred); return (major_status); }
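Review bot: in the first hunk (@@ -694,10), dropping `*minor_status = 0;` means both success returns now report `*minor_status = code;` from `cleanup:`, so the patch is only correct if `code` is guaranteed to be 0 when control reaches `/* return successfully */`. Every earlier assignment to `code` in kg_new_connection must either be zero or jump to `fail`; if that is not obvious from the surrounding function body, an explicit `code = 0;` before the two `goto cleanup;` lines would keep the success path's minor status independent of the preceding control flow.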
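Review bot: in the second hunk (@@ -705,11), moving `krb5_free_creds(context, k_cred);` out of the top of `fail:` changes the teardown order on the error path: the credentials are now released in `cleanup:` after `krb5_auth_con_free` and `krb5_gss_delete_sec_context` have run, where the original freed them first. That is fine only if neither the auth context nor the security context holds a pointer into `k_cred`. A short comment at `fail:` saying that it falls through into `cleanup:` would also help, since the label no longer frees anything itself and a later edit that adds a `return` there would reintroduce the leak.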
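Review bot: in the third hunk (@@ -723,7), the new `cleanup:` label lands directly after the brace-less `else (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);`. That is legal C, but a label immediately following an unbraced else branch is easy to misread as part of it; wrapping the else body in braces would make the fall-through from `fail:` into the shared `*minor_status = code; krb5_free_creds(context, k_cred); return (major_status);` tail explicit.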
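The leak described in the report, and the single-exit shape the patch moves to, reduced to a self-contained illustration. This is added example code, not krb5's own source: `demo_creds`, `demo_get_credential`, `demo_free_creds` and the `DEMO_S_*` status values are constructed stand-ins for krb5_creds, get_credential, krb5_free_creds and the GSS major status codes, and a live-allocation counter makes the leak observable. The "before" function keeps the two early success returns; the "after" function routes every path through a `cleanup:` label and zeroes `code` explicitly on success so the minor status does not depend on earlier assignments.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the krb5/GSS types and status codes used in the
 * report; they are not the real library definitions. */
typedef struct { char principal[32]; } demo_creds;

enum { DEMO_S_COMPLETE = 0, DEMO_S_CONTINUE_NEEDED = 1, DEMO_S_FAILURE = 2 };

/* Number of demo_creds currently allocated; lets a test observe a leak. */
static int g_live_creds = 0;

int demo_live_creds(void) { return g_live_creds; }

/* Stand-in for get_credential: always hands back a freshly allocated
 * structure, which the caller owns and must release. */
static int demo_get_credential(demo_creds **out) {
    *out = calloc(1, sizeof(**out));
    if (*out == NULL)
        return -1;
    strcpy((*out)->principal, "user@EXAMPLE.ORG"); /* constructed value */
    g_live_creds++;
    return 0;
}

/* Stand-in for krb5_free_creds; NULL-safe so one cleanup label can call it
 * unconditionally on every path. */
static void demo_free_creds(demo_creds *c) {
    if (c == NULL)
        return;
    g_live_creds--;
    free(c);
}

/* BEFORE: the shape reported above. The error path frees k_cred, but both
 * success returns leave the function without releasing it. */
int demo_new_connection_leaky(int fail_after_lookup, int mutual,
                              int *minor_status) {
    demo_creds *k_cred = NULL;
    int code;

    code = demo_get_credential(&k_cred);
    if (code)
        goto fail;
    if (fail_after_lookup) {        /* models a later step failing */
        code = -1;
        goto fail;
    }

    /* return successfully */
    *minor_status = 0;
    if (mutual)
        return DEMO_S_CONTINUE_NEEDED;  /* k_cred leaked */
    else
        return DEMO_S_COMPLETE;         /* k_cred leaked */

fail:
    demo_free_creds(k_cred);
    *minor_status = code;
    return DEMO_S_FAILURE;
}

/* AFTER: one exit through cleanup:, as the submitted patch does, plus an
 * explicit code = 0 on the success path. */
int demo_new_connection_fixed(int fail_after_lookup, int mutual,
                              int *minor_status) {
    demo_creds *k_cred = NULL;
    int code;
    int major_status;

    code = demo_get_credential(&k_cred);
    if (code)
        goto fail;
    if (fail_after_lookup) {
        code = -1;
        goto fail;
    }

    /* return successfully */
    code = 0;
    major_status = mutual ? DEMO_S_CONTINUE_NEEDED : DEMO_S_COMPLETE;
    goto cleanup;

fail:
    major_status = DEMO_S_FAILURE;
    /* context teardown would happen here; falls through into cleanup */
cleanup:
    *minor_status = code;
    demo_free_creds(k_cred);            /* reached on every path */
    return major_status;
}

int main(void) {
    int ms = 0;
    demo_new_connection_leaky(0, 1, &ms);
    printf("leaky success path: %d creds still live\n", demo_live_creds());
    demo_new_connection_fixed(0, 1, &ms);
    printf("fixed success path: %d creds still live\n", demo_live_creds());
    return 0;
}
```

Running it shows the leaky variant leaving one allocation live after each successful call while the fixed variant leaves none, and both variants releasing the credentials on the error path.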