| From: | "McClement, Greg" <greg.mcclement@sap.com> |
| To: | "krb5-bugs@mit.edu" <krb5-bugs@mit.edu> |
| Date: | Fri, 7 Oct 2011 23:24:14 +0200 |
| Subject: | memory leak in version 1.9.1 |
Memory leak in version 1.9.1. See comments prefixed with “GJM:”
krb5-1.9.1/src/lib/gssapi/krb5/init_sec_context.c#2
#ifdef CFX_EXERCISE
#include "../../krb5/krb/auth_con.h"
#endif
static krb5_error_code KRB5_CALLCONV
make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
void *cksum_data, krb5_data **out)
{
krb5_error_code code;
krb5_int32 con_flags;
unsigned char *ptr;
struct gss_checksum_data *data = cksum_data;
…
/*
* RFC 4121 4.1.1 specifies forwarded credentials must be encrypted in
* the session key, but krb5_fwd_tgt_creds will use the send subkey if
* it's set in the auth context. Suppress the send subkey
* temporarily.
*/
GJM: This refcount on the key is one. This line increases it to two .
krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey);
GJM: This decrements the refcount back to one.
krb5_auth_con_setsendsubkey_k(context, auth_context, NULL);
code = krb5_fwd_tgt_creds(context, auth_context, 0,
data->cred->name->princ, data->ctx->there->princ,
data->cred->ccache, 1,
&credmsg);
/* Turn KRB5_AUTH_CONTEXT_DO_TIME back on and reset the send subkey. */
krb5_auth_con_setflags(context, auth_context, con_flags);
GJM: This increases the ref count back to two.
krb5_auth_con_setsendsubkey_k(context, auth_context, send_subkey);
GJM: This is the line that need to be added to fix the leak. This line to puts the refcount back to one since send_subkey is on the stack and goes out of scope the only reference left is in the context so the refcount should be one not two
krb5_k_free_key(context, send_subkey); <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADD THIS LINE TO FIX THE LEAK
Thanks
Greg