Subject: potential memory leak in spnego
Date: Fri, 5 Nov 2010 18:33:09 -0400
From: "Arlene Berry"

In src/lib/gssapi/spnego/spnego_mech.c in init_ctx_new and acc_ctx_hints, if create_spnego_ctx succeeds but put_mech_set fails, sc will be leaked.

--- src/lib/gssapi/spnego/spnego_mech.c (revision 52308) +++ src/lib/gssapi/spnego/spnego_mech.c (revision 52309) @@ -664,10 +664,12 @@ */ sc->ctx_handle = GSS_C_NO_CONTEXT; *ctx = (gss_ctx_id_t)sc; + sc = NULL; *tokflag = INIT_TOKEN_SEND; ret = GSS_S_CONTINUE_NEEDED; cleanup: + release_spnego_ctx(&sc); gss_release_buffer(&tmpmin, &tmpoutput); gss_delete_sec_context(&tmpmin, &tmpctx, GSS_C_NO_BUFFER); gss_release_oid_set(&tmpmin, mechSet); @@ -1358,9 +1360,11 @@ *return_token = INIT_TOKEN_SEND; sc->firstpass = 1; *ctx = (gss_ctx_id_t)sc; + sc = NULL; ret = GSS_S_COMPLETE; cleanup: + release_spnego_ctx(&sc); gss_release_oid_set(&tmpmin, &supported_mechSet); return ret;
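Review bot: In the first hunk (@@ -664), the new unconditional `release_spnego_ctx(&sc);` under `cleanup:` is only safe if `sc` is initialized to NULL where it is declared and if `release_spnego_ctx` does nothing when `*sc` is NULL; neither is visible in this hunk. The success path now reaches cleanup with `sc == NULL`, and any `goto cleanup` taken before create_spnego_ctx has run would hand the release function whatever `sc` held at that point. Please confirm both properties, or guard the call with `if (sc != NULL)`.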
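Review bot: In the second hunk (@@ -1358), nothing documents that `sc = NULL;` must stay immediately after `*ctx = (gss_ctx_id_t)sc;`, even though that pair is what transfers ownership of the context to the caller. If a later change puts a step that can jump to `cleanup:` between the two lines, `release_spnego_ctx(&sc);` would free a context the caller still holds through `*ctx`. A short comment on the `sc = NULL;` line stating that ownership has passed to `*ctx` would make the invariant explicit; the same comment fits the matching line in the first hunk.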