From krb5-bugs-incoming-bounces@PCH.mit.edu Wed May 24 16:30:50 2006
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id QAA19607; Wed, 24 May 2006 16:30:50 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4OKUFE3025718
for <krb5-send-pr@krbdev.mit.edu>; Wed, 24 May 2006 16:30:15 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k4ODkB56020511
for <krb5-bugs-incoming@PCH.mit.edu>; Wed, 24 May 2006 09:46:11 -0400
Received: from skamandros.sncag.com ([217.111.56.2])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
k4ODkCYe015532
for <krb5-bugs@mit.edu>; Wed, 24 May 2006 09:46:12 -0400 (EDT)
Received: from skamandros.sncag.com (localhost [127.0.0.1])
by skamandros.sncag.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id
k4ODkB53030059
for <krb5-bugs@mit.edu>; Wed, 24 May 2006 15:46:11 +0200
Received: (from rw@localhost)
by skamandros.sncag.com (8.13.4/8.13.4/Submit) id k4ODkBfi030056;
Wed, 24 May 2006 15:46:11 +0200
Date: Wed, 24 May 2006 15:46:11 +0200
From: Rainer Weikusat <rainer.weikusat@sncag.com>
Message-Id: <200605241346.k4ODkBfi030056@skamandros.sncag.com>
To: krb5-bugs@mit.edu
Subject: memory leak
X-send-pr-version: 3.99
X-Spam-Score: -2.599
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Wed, 24 May 2006 16:30:14 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: rainer.weikusat@sncag.com
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
>Submitter-Id: net
>Originator: Rainer Weikusat
>Organization:
SNC AG
>Confidential: no
>Synopsis: memory leak in gss_krb5_set_allowable_enctypes error path
>Severity: non-critical
>Category: krb5-libs
>Class: sw-bug
>Release: 1.4.3
>Environment:
System: Linux skamandros 2.6.16.16 #4 SMP Fri May 12 18:31:50 CEST 2006 i686 GNU/Linux
Architecture: i686
>Description:
The gss_krb5_set_allowable_enctypes contains the following code (towards the end):

    /* Copy the requested ktypes into the cred structure */
    if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) {
        memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
        new_ktypes[i] = 0; /* "null-terminate" the list */
    }
    else {
        kerr = ENOMEM;
        goto error_out;
    }

    kerr = k5_mutex_lock(&cred->lock);
    if (kerr)
        goto error_out;

    [...]

error_out:
    *minor_status = kerr;
    return(major_status);

If the k5_mutex_lock call ever failed, this would obviously leak the memory
already allocated for new_ktypes.
>Fix:
--- kerberos-mmfix/src/lib/gssapi/krb5/set_allowable_enctypes.c 19 Mar 2006 14:41:59 -0000 1.1.1.1+++ kerberos-mmfix/src/lib/gssapi/krb5/set_allowable_enctypes.c 24 May 2006 13:19:13 -0000 1.1.1.1.2.1
@@ -115,8 +115,11 @@
goto error_out;
}
kerr = k5_mutex_lock(&cred->lock);
- if (kerr)
+ if (kerr) {
+ free(new_ktypes);
goto error_out;
+ }
+
if (cred->req_enctypes)
free(cred->req_enctypes);
cred->req_enctypes = new_ktypes;
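
Review bot: The free(new_ktypes) placed inside the k5_mutex_lock failure branch covers only this one exit, so any goto error_out added later between the malloc and the assignment to cred->req_enctypes would leak the buffer in the same way. Consider initialising new_ktypes to NULL, resetting it to NULL right after cred->req_enctypes = new_ktypes, and calling free(new_ktypes) once under error_out, so that cleanup does not depend on each branch remembering it. The added empty line after the closing brace is an unrelated whitespace change and could be dropped from the fix.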
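
The error path described in the report, as an added example (not krb5 source and not part of the submission): a reduced model that compares the reported exit with a single-exit cleanup which releases the buffer unless ownership has passed to the credential. The names enctype_t, cred_t, fake_lock, xmalloc, xfree, copy_list and blocks_left are hypothetical stand-ins, and the lock is a stub whose result is forced.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for krb5_enctype, the cred and k5_mutex_lock(). */
typedef int enctype_t;
typedef struct { enctype_t *req_enctypes; } cred_t;
static int live_allocs, lock_result;  /* outstanding blocks; forced lock result */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static int fake_lock(void) { return lock_result; }
static enctype_t *copy_list(const enctype_t *k, size_t n) {
    enctype_t *p = xmalloc(sizeof(*p) * (n + 1));
    if (p) { memcpy(p, k, sizeof(*p) * n); p[n] = 0; }  /* 0-terminated copy */
    return p;
}

/* Shape of the reported code: the lock-failure exit drops new_ktypes. */
int set_enctypes_leaky(cred_t *cred, const enctype_t *ktypes, size_t n) {
    enctype_t *new_ktypes = copy_list(ktypes, n);
    int kerr = new_ktypes ? fake_lock() : ENOMEM;
    if (kerr)
        return kerr;                  /* buffer is unreachable from here on */
    xfree(cred->req_enctypes);
    cred->req_enctypes = new_ktypes;
    return 0;
}

/* Single-exit variant: the label frees whatever this call still owns. */
int set_enctypes_cleanup(cred_t *cred, const enctype_t *ktypes, size_t n) {
    enctype_t *new_ktypes = copy_list(ktypes, n);
    int kerr = new_ktypes ? fake_lock() : ENOMEM;
    if (kerr)
        goto out;
    xfree(cred->req_enctypes);
    cred->req_enctypes = new_ktypes;
    new_ktypes = NULL;                /* ownership moved to cred */
out:
    xfree(new_ktypes);                /* no-op when NULL */
    return kerr;
}

/* Run fn with the lock forced to return err; report the change in live blocks. */
int blocks_left(int (*fn)(cred_t *, const enctype_t *, size_t), cred_t *cred, int err) {
    static const enctype_t want[] = { 18, 17 };  /* constructed sample values */
    int before = live_allocs;
    lock_result = err;
    fn(cred, want, 2);
    return live_allocs - before;
}
```

Running the same comparison under a leak checker against the real library needs a way to make the lock call fail, which is why the stub takes a forced result here.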