From ratliff@austin.ibm.com Tue Oct 2 12:43:14 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id MAA02807
for <bugs@RT-11.mit.edu>; Tue, 2 Oct 2001 12:43:14 -0400 (EDT)
Received: from mg03.austin.ibm.com (mg03.austin.ibm.com [192.35.232.20])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id MAA17076
for <krb5-bugs@mit.edu>; Tue, 2 Oct 2001 12:43:13 -0400 (EDT)
Received: from austin.ibm.com (netmail1.austin.ibm.com [9.3.7.138])
by mg03.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id LAA13858
for <krb5-bugs@mit.edu>; Tue, 2 Oct 2001 11:42:23 -0500
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id LAA32488
for <krb5-bugs@mit.edu>; Tue, 2 Oct 2001 11:43:10 -0500
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id B999C82C06; Tue, 2 Oct 2001 11:43:13 -0500 (CDT)
Message-Id: <20011002164313.B999C82C06@spiff.austin.ibm.com>
Date: Tue, 2 Oct 2001 11:43:13 -0500 (CDT)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu, ratliff@austin.ibm.com
Subject: All memory not being freed during error conditions in _kadm5_init_any
X-Send-Pr-Version: 3.99
>Number: 1000
>Category: krb5-libs
>Synopsis: All memory not being freed during error conditions in _kadm5_init_any
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 2 12:44:00 EDT 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
IBM Linux Technology Center, Security
>Release: krb5-1.2.2
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
>Description:
The error handling code in _kadm5_init_any in client_init.c calls
free(handle) during error conditions, but the memory allocated for
handle->lhandle is not freed.
I sent this to the krbdev mailing list but it belongs here so that
it is not lost.
>How-To-Repeat:
>Fix:
diff -ur src.old/lib/kadm5/clnt/client_init.c src/lib/kadm5/clnt/client_init.c--- src.old/lib/kadm5/clnt/client_init.c Thu Sep 13 15:38:48 2001
+++ src/lib/kadm5/clnt/client_init.c Tue Sep 18 11:59:47 2001
@@ -171,6 +171,7 @@
int code = 0;
generic_ret *r;
+ krb5_error_code kret;
initialize_ovk_error_table();
initialize_adb_error_table();
@@ -199,9 +200,17 @@
handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
handle->lhandle->lhandle = handle->lhandle;
- krb5_init_context(&handle->context);
+ kret = krb5_init_context(&handle->context);
+ if (kret) {
+ free(handle->lhandle);
+ free(handle);
+ return kret;
+ }
+
if(service_name == NULL || client_name == NULL) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return EINVAL;
}
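Review bot: The `service_name == NULL || client_name == NULL` check depends only on the function's arguments, so it could run before krb5_init_context is called; the EINVAL return would then need only free(handle->lhandle) and free(handle), and no context would be created just to be destroyed. The krb5_init_context result could also be assigned to the existing `code` variable instead of the new `kret`, unless the two error types need to stay distinct.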
@@ -248,6 +257,8 @@
KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return KADM5_BAD_CLIENT_PARAMS;
}
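Review bot: The three-call teardown in the ILLEGAL_PARAMS branch (krb5_free_context, free(handle->lhandle), free(handle)) is the same sequence as in the EINVAL branch above and is repeated again in the branches that follow. A single error label or a small helper that releases the handle would keep the next early return from omitting one of the calls, which is the kind of omission this report is about.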
@@ -258,6 +269,7 @@
params_in,
&handle->params))) {
krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return(code);
}
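Review bot: The failure branch for the call that fills `&handle->params` frees the context, lhandle and handle but not handle->params, while the REQUIRED_PARAMS branch that follows does call kadm5_free_config_params. Please confirm that the call leaves nothing allocated in handle->params when it returns an error; if it can, kadm5_free_config_params(handle->context, &handle->params) belongs in this branch too, before krb5_free_context.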
@@ -267,7 +279,9 @@
KADM5_CONFIG_KADMIND_PORT)
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ kadm5_free_config_params(handle->context, &handle->params);
krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
}
@@ -551,14 +565,18 @@
AUTH_DESTROY(handle->clnt->cl_auth);
if(handle->clnt)
clnt_destroy(handle->clnt);
+ kadm5_free_config_params(handle->context, &handle->params);
cleanup:
krb5_free_cred_contents(handle->context, &creds);
if (gss_client_creds != GSS_C_NO_CREDENTIAL)
(void) gss_release_cred(&minor_stat, &gss_client_creds);
- if (code)
+ if (code) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
+ }
return code;
}
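Review bot: The added kadm5_free_config_params call sits above the `cleanup:` label, so it runs only on fall-through from the block above it; any path that jumps straight to cleanup with code set would free the context, lhandle and handle without releasing handle->params. Moving the call inside the new `if (code)` block, ahead of krb5_free_context(handle->context), would cover both routes, provided handle->params is initialized on every path that can reach cleanup.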
>Audit-Trail:
>Unformatted:
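The leak described in this report, next to a single-exit cleanup that releases the nested allocations in one place rather than in each error branch, as an added example that is not part of the original report or of MIT krb5. The struct layout, the counting wrappers xalloc/xfree, and the fail_at and leaky parameters are hypothetical stand-ins used to make the leak measurable.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kadm5 handle; not the MIT krb5 definitions. */
struct lhandle { int struct_version; };
struct handle { struct lhandle *lhandle; void *context; void *params; };

static int live_allocs; /* outstanding allocations, used as the leak check */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Release everything the handle owns, newest first. Safe on a partly
 * built handle because xalloc zero-fills and xfree ignores NULL. */
void handle_destroy(struct handle *h)
{
    if (h == NULL) return;
    xfree(h->params); xfree(h->context); xfree(h->lhandle); xfree(h);
}

/* fail_at picks the failing step (0 = none): 1 context, 2 arguments, 3 params.
 * leaky != 0 reproduces an error path that frees only the outer struct. */
int init_any(int fail_at, int leaky, struct handle **out)
{
    int code = 0;
    struct handle *h = xalloc(sizeof(*h));
    if (h == NULL) return ENOMEM;
    if ((h->lhandle = xalloc(sizeof(*h->lhandle))) == NULL) { code = ENOMEM; goto cleanup; }
    if (fail_at == 1 || (h->context = xalloc(16)) == NULL) { code = ENOMEM; goto cleanup; }
    if (fail_at == 2) { code = EINVAL; goto cleanup; }
    if (fail_at == 3 || (h->params = xalloc(16)) == NULL) { code = ENOMEM; goto cleanup; }
    *out = h;
    return 0;
cleanup:
    if (leaky) xfree(h); else handle_destroy(h);
    return code;
}

/* Run one scenario and report how many allocations it left behind. */
int leaked_after(int fail_at, int leaky)
{
    struct handle *h = NULL;
    live_allocs = 0;
    if (init_any(fail_at, leaky, &h) == 0) handle_destroy(h);
    return live_allocs;
}

int main(void)
{
    for (int f = 0; f <= 3; f++)
        printf("fail_at=%d leaky=%d fixed=%d\n", f, leaked_after(f, 1), leaked_after(f, 0));
    return 0;
}
```

The same counting wrappers can be dropped around a real allocator in a unit test to assert that every forced failure returns with zero outstanding allocations.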