Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id RAA21300; Wed, 14 Apr 2004 17:31:15 -0400 (EDT)
Received: from pch.mit.edu (localhost [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3ELVFos009848 for ; Wed, 14 Apr 2004 17:31:15 -0400 (EDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3D1OLos016893 for ; Mon, 12 Apr 2004 21:24:21 -0400 (EDT)
Received: from spork.sendmail.com (spork.sendmail.com [209.246.26.39]) i3D1OJfn011036 for ; Mon, 12 Apr 2004 21:24:20 -0400 (EDT)
Received: from twoway ([10.210.202.157])i3D1OGx3010460; Mon, 12 Apr 2004 18:24:16 -0700 (PDT)
Message-Id: <000701c420f5$d37f2ce0$1e08d30a@devlab.sendmail.com>
From: "lijian"
To:
Date: Mon, 12 Apr 2004 18:22:38 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailman-Approved-At: Wed, 14 Apr 2004 17:31:13 -0400
Cc: lijian
Subject: Memory leak when wrong password is used.
X-Beenthere: krb5-bugs-incoming@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Sender: krb5-bugs-incoming-bounces@mit.edu
Errors-To: krb5-bugs-incoming-bounces@mit.edu
X-RT-Original-Encoding: iso-8859-1
Content-Length: 829

OS: All
Kerberos 5 Version: 1.3.3

The function krb5_get_init_creds_password() leaks memory if a wrong password is used. The memory leak happens in the krb5_get_init_creds_password() function in src/lib/krb5/krb/gic_pwd.c.

Below is the fix:

$diff -u src/lib/krb5/krb/gic_pwd.c /tmp/gic_pwd.c.fixed --- src/lib/krb5/krb/gic_pwd.c 2003-08-08 13:46:26.000000000 -0700 +++ /tmp/gic_pwd.c.fixed 2004-04-12 18:07:05.000000000 -0700
@@ -146,6 +146,9 @@ if (!use_master) { use_master = 1; + if (as_reply) + krb5_free_kdc_rep(context, as_reply); + ret2 = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options, krb5_get_as_key_password, (void *) &pw0, Lijian Liu Sendmail, Inc. (510)-594-5527
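
Review bot: the added free in the `if (!use_master)` branch leaves `as_reply` pointing at freed memory. If the `krb5_get_init_creds` retry that follows fails before storing a new reply, any later cleanup that frees `as_reply` again would be a double free. Set `as_reply = NULL;` immediately after `krb5_free_kdc_rep(context, as_reply);`, with braces around the two statements, so the pointer is in a known state going into the retry.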