Ticket History #3790: memory leak in GSSAPI credential releasing code

From krb5-bugs-incoming-bounces@PCH.mit.edu Wed Apr 5 15:10:04 2006
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id PAA06626; Wed, 5 Apr 2006 15:10:04 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k35J9VcL019236
for <krb5-send-pr@krbdev.mit.edu>; Wed, 5 Apr 2006 15:09:31 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k35J9UYK019213
for <krb5-bugs-incoming@PCH.mit.edu>; Wed, 5 Apr 2006 15:09:30 -0400
Received: from citi.umich.edu (citi.umich.edu [141.211.133.111])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
k35J9QEb009685
for <krb5-bugs@mit.edu>; Wed, 5 Apr 2006 15:09:26 -0400 (EDT)
Received: from rock.citi.umich.edu (rock.citi.umich.edu [141.211.133.90])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by citi.umich.edu (Postfix) with ESMTP id 09E4E1BAF1
for <krb5-bugs@mit.edu>; Wed, 5 Apr 2006 15:09:26 -0400 (EDT)
Received: (from kwc@localhost)
by rock.citi.umich.edu (8.13.1/8.13.1/Submit) id k35J9PbJ030981;
Wed, 5 Apr 2006 15:09:25 -0400
Date: Wed, 5 Apr 2006 15:09:25 -0400
Message-Id: <200604051909.k35J9PbJ030981@rock.citi.umich.edu>
To: krb5-bugs@mit.edu
Subject: memory leak with gss_set_allowable_enctypes
From: kwc@citi.umich.edu
X-send-pr-version: 3.99
X-Spam-Score: -1.638
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: kwc@citi.umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu


University of Michigan -- CITI
System: Linux rock.citi.umich.edu 2.6.16 #2 Tue Apr 4 11:59:44 EDT 2006 i686 i686 i386 GNU/Linux
Architecture: i686

The code for gss_set_allowable_enctypes() copies the list
of requested enctypes to cred->req_enctypes.
The release_cred routine was not changed to free this
information. (My bad.)

Patch below fixes this.

Use gss_set_allowable_enctypes() and gss_release_cred().

--- rel_cred.c 2006-04-05 14:33:53.000000000 -0400
+++ /usr/local/src/krb5/krb5-1.4.2-keyring/src/lib/gssapi/krb5/rel_cred.c 2006-03-30 10:51:38.000000000 -0500
@@ -70,6 +70,8 @@ krb5_gss_release_cred(minor_status, cred
code3 = 0;
if (cred->princ)
krb5_free_principal(context, cred->princ);
+ if (cred->req_enctypes)
+ xfree(cred->req_enctypes);
xfree(cred);
krb5_free_context(context);

From krb5-bugs-incoming-bounces@PCH.mit.edu Wed May 24 16:30:50 2006
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id QAA19608; Wed, 24 May 2006 16:30:50 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OKUFOE025721
for <krb5-send-pr@krbdev.mit.edu>; Wed, 24 May 2006 16:30:15 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OEcf1n032572
for <krb5-bugs-incoming@PCH.mit.edu>; Wed, 24 May 2006 10:38:41 -0400
Received: from skamandros.sncag.com ([217.111.56.2])
by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
k4OEbU1W014644
for <krb5-bugs@mit.edu>; Wed, 24 May 2006 10:38:03 -0400 (EDT)
Received: from skamandros.sncag.com (localhost [127.0.0.1])
by skamandros.sncag.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id
k4OEbULG012821
for <krb5-bugs@mit.edu>; Wed, 24 May 2006 16:37:30 +0200
Received: (from rw@localhost)
by skamandros.sncag.com (8.13.4/8.13.4/Submit) id k4OEbTB7012818;
Wed, 24 May 2006 16:37:29 +0200
Date: Wed, 24 May 2006 16:37:29 +0200
From: Rainer Weikusat <rainer.weikusat@sncag.com>
Message-Id: <200605241437.k4OEbTB7012818@skamandros.sncag.com>
To: krb5-bugs@mit.edu
Subject: memory leak in GSSAPI acquire/ release cred
X-send-pr-version: 3.99
X-Spam-Score: -2.599
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Wed, 24 May 2006 16:30:14 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: rainer.weikusat@sncag.com
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu


SNC AG

System: Linux skamandros 2.6.16.16 #4 SMP Fri May 12 18:31:50 CEST 2006 i686 GNU/Linux
Architecture: i686

The gss_krb5_set_allowable_enctypes routine in src/lib/gssapi/krb5/set_allowable_enctypes.c
allocates memory for an array of requested enctypes and stores a pointer to that
in the req_enctypes member of the krb5_gss_cred_id_rec structure. This memory is
not freed by the krb5_gss_release_cred routine in src/lib/gssapi/krb5/rel_cred.c,
leading to a memory leak.
diff -u -r1.1.1.1 -r1.1.1.1.2.1
--- kerberos-mmfix/src/lib/gssapi/krb5/rel_cred.c 19 Mar 2006 14:41:59 -0000 1.1.1.1
+++ kerberos-mmfix/src/lib/gssapi/krb5/rel_cred.c 24 May 2006 14:00:05 -0000 1.1.1.1.2.1
@@ -70,6 +70,10 @@
code3 = 0;
if (cred->princ)
krb5_free_principal(context, cred->princ);
+
+ if (cred->req_enctypes)
+ xfree(cred->req_enctypes);
+
xfree(cred);
krb5_free_context(context);

Free requested-enctype list when freeing up credentials. Reported by Rainer
Weikusat.

Commit By: raeburn



Revision: 18093
Changed Files:
U trunk/src/lib/gssapi/krb5/rel_cred.c