From ratliff@austin.ibm.com Tue Oct 2 12:43:14 2001
Message-Id: <20011002164313.B999C82C06@spiff.austin.ibm.com>
Date: Tue, 2 Oct 2001 11:43:13 -0500 (CDT)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu, ratliff@austin.ibm.com
Subject: All memory not being freed during error conditions in _kadm5_init_any
X-Send-Pr-Version: 3.99

>Number: 1000
>Category: krb5-libs
>Synopsis: All memory not being freed during error conditions in _kadm5_init_any
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 2 12:44:00 EDT 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization: IBM Linux Technology Center, Security
>Release: krb5-1.2.2
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
>Description:
The error handling code in _kadm5_init_any in client_init.c calls free(handle) during error conditions, but the memory allocated for handle->lhandle is not freed. I sent this to the krbdev mailing list but it belongs here so that it is not lost.
>How-To-Repeat:
>Fix:
diff -ur src.old/lib/kadm5/clnt/client_init.c src/lib/kadm5/clnt/client_init.c --- src.old/lib/kadm5/clnt/client_init.c Thu Sep 13 15:38:48 2001 +++ src/lib/kadm5/clnt/client_init.c Tue Sep 18 11:59:47 2001 @@ -171,6 +171,7 @@ int code = 0; generic_ret *r; + krb5_error_code kret; initialize_ovk_error_table(); initialize_adb_error_table(); @@ -199,9 +200,17 @@ handle->lhandle->struct_version = KADM5_STRUCT_VERSION; handle->lhandle->lhandle = handle->lhandle; - krb5_init_context(&handle->context); + kret = krb5_init_context(&handle->context); + if (kret) { + free(handle->lhandle); + free(handle); + return kret; + } + if(service_name == NULL || client_name == NULL) { + krb5_free_context(handle->context); + free(handle->lhandle); free(handle); return EINVAL; } 
@@ -248,6 +257,8 @@ KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD) if (params_in && params_in->mask & ILLEGAL_PARAMS) { + krb5_free_context(handle->context); + free(handle->lhandle); free(handle); return KADM5_BAD_CLIENT_PARAMS; } @@ -258,6 +269,7 @@ params_in, &handle->params))) { krb5_free_context(handle->context); + free(handle->lhandle); free(handle); return(code); } @@ -267,7 +279,9 @@ KADM5_CONFIG_KADMIND_PORT) if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { + kadm5_free_config_params(handle->context, &handle->params); krb5_free_context(handle->context); + free(handle->lhandle); free(handle); return KADM5_MISSING_CONF_PARAMS; } @@ -551,14 +565,18 @@ AUTH_DESTROY(handle->clnt->cl_auth); if(handle->clnt) clnt_destroy(handle->clnt); + kadm5_free_config_params(handle->context, &handle->params); cleanup: krb5_free_cred_contents(handle->context, &creds); if (gss_client_creds != GSS_C_NO_CREDENTIAL) (void) gss_release_cred(&minor_stat, &gss_client_creds); - if (code) + if (code) { + krb5_free_context(handle->context); + free(handle->lhandle); free(handle); + } return code; } >Audit-Trail: >Unformatted:
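Review bot: in the hunk at @@ -171,6 +171,7 @@, the new `krb5_error_code kret;` sits next to the existing `int code = 0;` and is used only to carry the krb5_init_context result to a single return. Assigning that result to `code` and returning `code` would keep one status variable in the function, in line with the later error paths that already `return(code)`.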
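Review bot: the two early returns in the hunk at @@ -199,9 +200,17 @@ each spell out their own cleanup (`free(handle->lhandle); free(handle);`, with `krb5_free_context(handle->context);` added in the second), and the hunks at -248, -258 and -267 repeat the sequence three more times. The leak being fixed is an error return that missed one of these frees, so a shared exit path would make the next added check harder to get wrong: staged labels reached with goto, so each check jumps to the point that frees only what has been set up so far. A short comment at the krb5_init_context check, saying that handle->context is not freed there because initialization failed, would also help the next reader.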
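Review bot: in the hunk at @@ -551,14 +565,18 @@, `kadm5_free_config_params(handle->context, &handle->params);` is added above the `cleanup:` label, while the context, lhandle and handle frees go inside `if (code) { ... }` below it. Any path that jumps straight to `cleanup:` with a nonzero `code` would free the handle and still leak the params. Placing the params call as the first statement inside the `if (code)` block, ahead of `krb5_free_context` since it takes the context as an argument, keeps all four releases under one condition. If no such path exists, a comment above `cleanup:` stating that would be enough.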