Date: Wed, 16 Apr 2008 18:04:19 -0700
From: sam sharma <sam.sharma@gat.com>
Subject: memory leak in gss_accept_sec_context api
To: krb5-bugs@mit.edu

==6940== 101 (40 direct, 61 indirect) bytes in 1 blocks are definitely lost in loss record 77 of 146

==6940==    at 0x4904DEB: malloc (vg_replace_malloc.c:207)

==6940==    by 0x54C6E19: gssint_convert_name_to_union_name (g_glue.c:468)

==6940==    by 0x54C3DAB: gss_accept_sec_context (g_accept_sec_context.c:304)

==6940==    by 0x5949F17: ???

==6940==    by 0x5949234: ???

 

I analyzed the gss_accept_sec_context() code and came to the conclusion that

 

  1. First time: tmp_src_name holds an allocated buffer pointer from gssint_convert_name_to_union_name(), which is assigned to the *src_name variable.

 

I think the tmp_src_name variable should be initialized to NULL here, after assigning its value to the *src_name variable, so that later on it is not freed.

 

  2. Second time: tmp_src_name holds an allocated buffer pointer from gssint_convert_name_to_union_name(), which is used in gss_display_name().

 

This time the tmp_src_name buffer is freed only if ‘if (src_name == NULL && tmp_src_name != NULL)’ is true. I think tmp_src_name should always be freed if it is not null, and the if condition will look like ‘if (tmp_src_name != NULL) gss_release_name(…)’.

 

Some adjustments in the code can get rid of this memory leak. I am using the krb5 1.6.3 source code. I will check if it is already fixed in the 1.6.4 beta code.

 

SAM SHARMA
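
The ownership pattern analysed in the report above, as an added example that is not part of the original ticket and is not krb5 source. It is a simplified model in which a static pool stands in for malloc(); convert_name, release_name, accept_leaky, accept_fixed and leaked_after are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT krb5 source. A static pool stands in for malloc()
 * so names that are never released can be counted without valgrind. */
typedef struct { int in_use; } name_t;
static name_t pool[4];

static name_t *convert_name(void) {         /* models the allocating conversion */
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void release_name(name_t **n) {      /* models gss_release_name() */
    if (*n != NULL) { (*n)->in_use = 0; *n = NULL; }
}

/* Pattern described in the report: tmp is reused, then released conditionally. */
static void accept_leaky(name_t **src_name, int delegated) {
    name_t *tmp = convert_name();            /* first conversion */
    if (src_name != NULL) *src_name = tmp;   /* caller owns it; tmp still aliases it */
    if (delegated) tmp = convert_name();     /* second conversion, display use only */
    if (src_name == NULL && tmp != NULL) release_name(&tmp);
}

/* Reporter's two changes: clear tmp after hand-off, release whenever non-NULL.
 * Releasing before reuse is an extra step this model needs when src_name is NULL. */
static void accept_fixed(name_t **src_name, int delegated) {
    name_t *tmp = convert_name();
    if (src_name != NULL) { *src_name = tmp; tmp = NULL; }
    if (delegated) { release_name(&tmp); tmp = convert_name(); }
    if (tmp != NULL) release_name(&tmp);
}

typedef void (*accept_fn)(name_t **, int);

/* Run one call, release what the caller received, return names still held. */
static int leaked_after(accept_fn fn, int want_name, int delegated) {
    name_t *caller = NULL;
    int live = 0;
    memset(pool, 0, sizeof pool);
    fn(want_name ? &caller : NULL, delegated);
    release_name(&caller);
    for (size_t i = 0; i < 4; i++) live += pool[i].in_use;
    return live;
}

int main(void) {
    printf("leaky, delegation: %d\n", leaked_after(accept_leaky, 1, 1));
    printf("fixed, delegation: %d\n", leaked_after(accept_fixed, 1, 1));
    return 0;
}
```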


For a simple client-server program with credential delegation enabled,
a memory leak is reported at the following location when attached to valgrind.

Call stack
-----------
==28305== at 0x401A824: malloc (vg_replace_malloc.c:207)
==28305== by 0x402A4D1: gssint_convert_name_to_union_name (g_glue.c:468)
==28305== by 0x40279D1: gss_accept_sec_context (g_accept_sec_context.c:303)

function code
==============
OM_uint32 gssint_convert_name_to_union_name(minor_status, mech,
                                            internal_name, external_name)
    OM_uint32 *minor_status;
    gss_mechanism mech;
    gss_name_t internal_name;
    gss_name_t *external_name;
{
    OM_uint32 major_status,tmp;
    gss_union_name_t union_name;

==> union_name = (gss_union_name_t) malloc (sizeof (gss_union_name_desc));


This issue occurs in both version 1.5.4 and 1.6.3
From: "Somayajula, Sriram" <Sriram.Somayajula@teradata.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Memory leak in gss_accept_sec_context() when delegation used (ticket # 5941)
Date: Wed, 20 Jul 2016 19:30:01 +0000

I have noticed the following ticket #5941, but I am not able to find out in which release this problem has been fixed. Can you please help with finding where this problem has been fixed?

 

I noticed a similar memory leak in gss_accept_sec_context() with a simple client and server program with credential delegation enabled and would like to understand what release has the fix available.

 

Thanks,
Sriram

 

 

http://krbdev.mit.edu/rt/Ticket/Display.html?id=5945

 

 

RT-Send-CC: Sriram.Somayajula@teradata.com
This bug was fixed in 1.9 when we simplified out the union cred auxinfo
field. This is the relevant commit:

https://github.com/krb5/krb5/commit/889d3ca4c482f730cd194f2d83c41d70bc615a67