Skip Menu |

From: "McClement, Greg" <>
To: "" <>
Date: Fri, 7 Oct 2011 23:24:14 +0200
Subject: memory leak in version 1.9.1
Download (untitled) / with headers
text/plain 1.8KiB
Memory leak in version 1.9.1. See comments prefixed with “GJM:”
#include "../../krb5/krb/auth_con.h"
static krb5_error_code KRB5_CALLCONV
make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
                   void *cksum_data, krb5_data **out)
    krb5_error_code code;
    krb5_int32 con_flags;
    unsigned char *ptr;
    struct gss_checksum_data *data = cksum_data;
         * RFC 4121 4.1.1 specifies forwarded credentials must be encrypted in
         * the session key, but krb5_fwd_tgt_creds will use the send subkey if
         * it's set in the auth context.  Suppress the send subkey
         * temporarily.
GJM: This refcount on the key is one. This line increases it to two . 
        krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey);
GJM: This decrements the refcount back to one.
        krb5_auth_con_setsendsubkey_k(context, auth_context, NULL);
        code = krb5_fwd_tgt_creds(context, auth_context, 0,
                                  data->cred->name->princ, data->ctx->there->princ,
                                  data->cred->ccache, 1,
        /* Turn KRB5_AUTH_CONTEXT_DO_TIME back on and reset the send subkey. */
        krb5_auth_con_setflags(context, auth_context, con_flags);
GJM: This increases the ref count back to two.
        krb5_auth_con_setsendsubkey_k(context, auth_context, send_subkey);
GJM: This is the line that need to be added to fix the leak. This line to puts the refcount back to one since send_subkey is on the stack and goes out of scope the only reference left is in the context so the refcount should be one not two
         krb5_k_free_key(context, send_subkey);           <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADD THIS LINE  TO FIX THE LEAK
Subject: SVN Commit

Fix a memory leak in make_gss_checksum.

Commit By: ghudson
Revision: 25323
Changed Files:
U trunk/src/lib/gssapi/krb5/init_sec_context.c
Subject: SVN Commit

pull up r25323 from trunk

r25323 | ghudson | 2011-10-07 18:17:06 -0400 (Fri, 07 Oct 2011) | 8 lines

ticket: 6972
target_version: 1.9.2
tags: pullup

Fix a memory leak in make_gss_checksum.

Commit By: tlyu
Revision: 25383
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c