Ticket History #6793: acquire_init_cred leaks interned name

# Mon Oct 04 14:07:04 2010 "Arlene Berry" <aberry@likewise.com> - Ticket created

Subject:	memory leak
Date:	Fri, 1 Oct 2010 21:21:11 -0400
From:	"Arlene Berry" <aberry@likewise.com>
To:	<krb5-bugs@mit.edu>

Download (untitled) / with headers
text/plain 738B

Download (untitled) / with headers
text/html 5.1KiB

We’ve got a report of memory being leaked in src/lib/gssapi/krb5/acquire_cred.c. It looks like the problem is that kg_init_name is being called on names with KG_INIT_NAME_INTERN set but when kg_release_name is called on error paths there are no flags set. This means that names are added to an internal database but never removed from it and the associated memory is never freed. It looks like the version of this code in trunk has been refactored and multiple uses of kg_release_name have been replaced with a single use but both versions call it without flags. Since this internal database is new to me I’m not certain I understand it’s purpose well enough to fix this. Should the kg_release_name calls be changed to pass the flag?

# Wed Oct 06 19:09:11 2010 "Arlene Berry" <aberry@likewise.com> - Correspondence added

Date:	Wed, 6 Oct 2010 16:59:24 -0400
From:	"Arlene Berry" <aberry@likewise.com>
To:	<krb5-bugs@mit.edu>
Subject:	[krbdev.mit.edu #6793] memory leak
RT-Send-Cc:

Download (untitled) / with headers
text/plain 664B

Download (untitled) / with headers
text/html 2.5KiB

If I’m understanding things right, objects should only be added to the internal database if they are going to be passed out in output parameters. Both instances of kg_init_name in acquire_cred.c are called on cred->name which is an internal object and which is not passed out. I checked krb5_gss_release_cred which does not use KG_INIT_NAME_INTERN when releasing cred->name. I also looked at krb5_gss_inquire_cred to see what it does and, if it passes back the name, it calls kg_duplicate_name with KG_INIT_NAME_INTERN set. As best I can determine, cred->name is strictly an internal object and the kg_init_name calls on it should not set KG_INIT_NAME_INTERN.

# Mon Oct 25 15:37:05 2010 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Mon Oct 25 15:37:05 2010 ghudson@mit.edu (Greg Hudson) - Target_Version 1.9 added

# Mon Oct 25 15:37:05 2010 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'

# Mon Oct 25 15:37:05 2010 ghudson@mit.edu (Greg Hudson) - Tags pullup added

# Mon Oct 25 15:37:05 2010 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 342B

In acquire_init_cred in the GSS krb5 mech, don't intern cred->name,
since it's not used as an output parameter. Fixes a memory leak.
Reported by aberry@likewise.com.

https://github.com/krb5/krb5/commit/6877bdbad15700eacb9d946809102507ca23e5d4
Commit By: ghudson
Revision: 24480
Changed Files:
U trunk/src/lib/gssapi/krb5/acquire_cred.c

# Mon Nov 01 16:36:23 2010 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Mon Nov 01 16:36:23 2010 tlyu (Taylor Yu) - Version_Fixed 1.9 added

# Mon Nov 01 16:36:23 2010 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 580B

pull up r24480 from trunk

------------------------------------------------------------------------
r24480 | ghudson | 2010-10-25 15:37:03 -0400 (Mon, 25 Oct 2010) | 8 lines

ticket: 6793
target_version: 1.9
tags: pullup

In acquire_init_cred in the GSS krb5 mech, don't intern cred->name,
since it's not used as an output parameter. Fixes a memory leak.
Reported by aberry@likewise.com.

https://github.com/krb5/krb5/commit/05eb037395eac91e1dc2bdc8398d9d0fa44faba1
Commit By: tlyu
Revision: 24496
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/acquire_cred.c

# Mon Nov 01 17:10:26 2010 tlyu (Taylor Yu) - Subject changed from 'memory leak' to 'acquire_init_cred leaks interned name'

# Wed Dec 16 18:02:56 2015 tlyu (Taylor Yu) - CustomField pullup deleted