Skip Menu |
 

Subject: Memory leak in save_error_string_nocopy()
From: Tim Pozdeev <TIMOFEY.POZDEEV@saic.com>
To: krb5-bugs@mit.edu
Date: Wed, 15 Dec 2010 13:49:55 +1100
Download (untitled) / with headers
text/plain 1.6KiB
krb5 version 1.8.3. It also applies to version 1.7.x.

There is a memory leak in save_error_string_nocopy() in disp_status.c.

Using umem and gcore leak detection under Solaris highlights the
following leak.

umem_alloc_16 leak: 84 buffers, 16 bytes each, 1344 bytes total
ADDR BUFADDR TIMESTAMP THREAD
CACHE LASTLOG CONTENTS
592b7e0 5929750 1b4ec693e03bcb 172
226a028 221ac00 0
libumem.so.1`umem_cache_alloc_debug+0x12b
libumem.so.1`umem_cache_alloc+0xc8
libumem.so.1`umem_alloc+0xaf
libumem.so.1`malloc+0x2e
libgssapi_krb5.so.2`gss_krb5_save_error_string_nocopy
+0x2e
libgssapi_krb5.so.2`krb5_gss_save_error_string+0x2f
libgssapi_krb5.so.2`krb5_gss_save_error_info+0x2b
libgssapi_krb5.so.2`krb5_gss_validate_cred+0x6e
libgssapi_krb5.so.2`krb5_gss_init_sec_context+0x175
libgssapi_krb5.so.2`gss_init_sec_context+0x27c

The memory allocated on line 81 (in disp_status.c) never gets freed.

79: p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
80: if (!p) {
81: p = malloc(sizeof(*p)); <<<--- here
82: if (p == NULL) {
83: ret = 1;


The fix is to free the memory in krb5_gss_delete_error_info():

--- disp_status.c Tue Dec 8 11:04:48 2009
+++ disp_status.c-fixed Wed Dec 15 12:00:12 2010
@@ -148,6 +148,7 @@
void krb5_gss_delete_error_info(void *p)
{
gsserrmap_destroy(p);
+ free(p);
}

/**/

Tim
Subject: memory leak in gss krb5 error messaging
Date: Wed, 22 Dec 2010 17:35:43 -0500
From: "Arlene Berry" <aberry@likewise.com>
To: <krb5-bugs@mit.edu>

Memory allocated by save_error_string_nocopy in src/lib/gssapi/krb5/disp_status.c is not being freed.  This fixed it:

 

Index: src/lib/gssapi/krb5/disp_status.c

===================================================================

--- src/lib/gssapi/krb5/disp_status.c        (revision 53585)

+++ src/lib/gssapi/krb5/disp_status.c     (working copy)

@@ -148,6 +148,7 @@

void krb5_gss_delete_error_info(void *p)

{

     gsserrmap_destroy(p);

+    free(p);

}

 /**/

From: tlyu@mit.edu
Subject: SVN Commit

Fix a memory leak independently found by Tim Pozdeev and Arlene Berry.

This change should be pulled up to the 1.8 and 1.7 branches as well.

https://github.com/krb5/krb5/commit/4ca8ca682f903d7fcc0e2c4bf6e116245ef8b7b4
Commit By: tlyu
Revision: 24693
Changed Files:
U trunk/src/lib/gssapi/krb5/disp_status.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r24693 from trunk

------------------------------------------------------------------------
r24693 | tlyu | 2011-03-08 15:53:55 -0500 (Tue, 08 Mar 2011) | 8 lines

ticket: 6844
tags: pullup
target_version: 1.9.1

Fix a memory leak independently found by Tim Pozdeev and Arlene Berry.

This change should be pulled up to the 1.8 and 1.7 branches as well.

https://github.com/krb5/krb5/commit/58dbfb1cd42c3a3e79ca7894055663854e41773d
Commit By: tlyu
Revision: 24948
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/disp_status.c