From: Julien Chaffraix <julien.chaffraix@gmail.com>
Date: Thu, 7 Oct 2010 10:12:11 -0700
Message-ID: <AANLkTimtCZ8a-aFbv-kOhgb+h+=8-igizi4=XE3hfNda@mail.gmail.com>
Subject: memory leak in kg_new_connection
To: krb5-bugs@mit.edu

>Submitter-Id: net
>Originator: Julien Chaffraix
>Organization: Individual
>Confidential: no
>Synopsis: memory leak in kg_new_connection
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.9-prerelease
>Environment:
System: Linux squirrel 2.6.32-25-generic #44-Ubuntu SMP Fri Sep 17
20:26:08 UTC 2010 i686 GNU/Linux
>Description:
(Note: this is a resend as krb5-send-pr does not seem to be working on
my machine)

The function kg_new_connection calls get_credential which allocates a
krb5_creds structure and stores it in |k_cred|. The successful path -
the 2 early returns at the end of the function - does not free this
memory.

>How-To-Repeat:
Make kg_new_connection return GSS_S_CONTINUE_NEEDED or GSS_S_COMPLETE.
I don't have a reduced test case for that.

>Fix:

Following patch fixes the leak:


Index: src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/init_sec_context.c (revision 24355)
+++ src/lib/gssapi/krb5/init_sec_context.c (working copy)
@@ -694,10 +694,10 @@

/* return successfully */

- *minor_status = 0;
if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
ctx->established = 0;
- return(GSS_S_CONTINUE_NEEDED);
+ major_status = GSS_S_CONTINUE_NEEDED;
+ goto cleanup;
} else {
ctx->seq_recv = ctx->seq_send;
g_order_init(&(ctx->seqstate), ctx->seq_recv,
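Review bot: with `*minor_status = 0;` removed at the top of this hunk, the GSS_S_CONTINUE_NEEDED branch now reaches `cleanup:`, where the minor status is taken from `code`. That matches the old behaviour only if `code` is guaranteed to be 0 here, which the visible lines do not show; either confirm that or set `code = 0;` right after `/* return successfully */`.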
@@ -705,11 +705,11 @@
(ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
ctx->established = 1;
- return(GSS_S_COMPLETE);
+ major_status = GSS_S_COMPLETE;
+ goto cleanup;
}

fail:
- krb5_free_creds(context, k_cred);
if (ctx_free) {
if (ctx_free->auth_context)
krb5_auth_con_free(context, ctx_free->auth_context);
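Review bot: with `krb5_free_creds(context, k_cred);` dropped from under `fail:`, the failure path frees `k_cred` only by falling through into the `cleanup:` label added further down. A one-line comment at the end of the `fail:` block stating that it falls through to `cleanup:` would keep a later early `return` there from reintroducing the leak.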
@@ -723,7 +723,9 @@
} else
(void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);

+cleanup:
*minor_status = code;
+ krb5_free_creds(context, k_cred);
return (major_status);
}
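Review bot: `krb5_free_creds(context, k_cred);` under `cleanup:` now runs on every exit, including any failure that reaches `fail:` before `k_cred` has been assigned. The declaration of `k_cred` is outside the visible lines; please confirm it is initialized to NULL there so this call never receives an uninitialized pointer.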
From: ghudson@mit.edu
Subject: SVN Commit

Fix a memory leak introduced in r23926 where k_cred was not freed on
successful return from kg_new_connection(). Reported by Julien
Chaffraix.


https://github.com/krb5/krb5/commit/f7119d48093c64a77e40afefa4ed8bb13bcfb527
Commit By: ghudson
Revision: 24646
Changed Files:
U trunk/src/lib/gssapi/krb5/init_sec_context.c
If we decide to go with a more minimal change for 1.9, inserting a
duplicate "krb5_free_creds(context, k_cred);" just after "/* return
successfully */" should do it.
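The control flow behind this ticket, reduced to a model (an added example, not krb5 source): `creds_t`, `get_cred`, `free_cred`, the `ST_*` codes and both `new_connection_*` functions are constructed stand-ins, and `live_creds` counts allocations that were never released.

```c
#include <stdlib.h>
/* Constructed stand-ins: creds_t models krb5_creds; live_creds counts unfreed ones. */
typedef struct { int dummy; } creds_t;
static int live_creds = 0;
enum { ST_COMPLETE, ST_CONTINUE, ST_FAILURE };

static int get_cred(creds_t **out) {      /* models get_credential allocating */
    if ((*out = malloc(sizeof **out)) == NULL) return -1;
    live_creds++;
    return 0;
}
static void free_cred(creds_t *c) {       /* NULL-safe release */
    if (c != NULL) { free(c); live_creds--; }
}

/* Before: only fail: frees, so both successful returns leak cred. */
static int new_connection_leaky(int mutual, int force_fail) {
    creds_t *cred = NULL;
    if (get_cred(&cred) != 0 || force_fail) goto fail;
    if (mutual) return ST_CONTINUE;
    return ST_COMPLETE;
fail:
    free_cred(cred);
    return ST_FAILURE;
}

/* After: success jumps to cleanup, failure falls through into it. */
static int new_connection_fixed(int mutual, int force_fail) {
    creds_t *cred = NULL;                 /* NULL so cleanup is safe on any path */
    int status = ST_FAILURE;
    if (get_cred(&cred) != 0 || force_fail) goto fail;
    status = mutual ? ST_CONTINUE : ST_COMPLETE;
    goto cleanup;
fail:                                     /* failure-only teardown belongs here */
cleanup:
    free_cred(cred);
    return status;
}

/* Run each exit path once; return how many creds are still allocated. */
static int leaked_after(int (*f)(int, int)) {
    live_creds = 0;
    f(1, 0); f(0, 0); f(0, 1);
    return live_creds;
}

int main(void) {   /* exit status 0: leaky variant leaks 2, fixed variant leaks 0 */
    return !(leaked_after(new_connection_leaky) == 2 && leaked_after(new_connection_fixed) == 0);
}
```

The same counter check applies to the minimal variant mentioned above, where the free is duplicated on the success path instead of shared through one label.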
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24646 from trunk

------------------------------------------------------------------------
r24646 | ghudson | 2011-02-22 16:06:23 -0500 (Tue, 22 Feb 2011) | 8 lines

ticket: 6800
target_version: 1.9.1
tags: pullup

Fix a memory leak introduced in r23926 where k_cred was not freed on
successful return from kg_new_connection(). Reported by Julien
Chaffraix.

https://github.com/krb5/krb5/commit/b33f8f36d9f67d786f96486cfff830ec89e96412
Commit By: tlyu
Revision: 24649
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c