Subject: Minor memory leak in default_an_to_ln on error
I noticed this by visual inspection while looking at another issue.
def_realm is not freed in all error handling cases in
src/lib/krb5/os/an_to_ln.c. Specifically here:

    if ((retval = krb5_get_default_realm(context, &def_realm))) {
        return(retval);
    }
    if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
        free(def_realm);
        return KRB5_LNAME_NOTRANS;
    }

    if (krb5_princ_size(context, aname) != 1) {
        if (krb5_princ_size(context, aname) == 2 ) {
            /* Check to see if 2nd component is the local realm. */
            if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
                         realm_length) ||
                 realm_length != krb5_princ_component(context, aname,1)->length)
                return KRB5_LNAME_NOTRANS;
        }
        else
            /* no components or more than one component to non-realm
               part of name --no translation. */
            return KRB5_LNAME_NOTRANS;
    }

    free(def_realm);

If the princ size check fails, def_realm is never freed.

From: ghudson@mit.edu
Subject: SVN Commit

Clean up default_an_to_ln and fix a minor leak

The default realm could be leaked if the principal had the wrong
number of components. Reported by Russ Allbery.

https://github.com/krb5/krb5/commit/cf520a2d2ed60360f6bad145ef749a10723bc4da
Author: Greg Hudson <ghudson@mit.edu>
Commit: cf520a2d2ed60360f6bad145ef749a10723bc4da
Branch: master
src/lib/krb5/os/an_to_ln.c | 58 +++++++++++++++++--------------------------
1 files changed, 23 insertions(+), 35 deletions(-)
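
The leak pattern from the report above next to a single-exit cleanup that closes it, as an added example; this is not the krb5 source and not the code from the commit. struct princ, get_default_realm, free_realm, outstanding and leaked_by are simplified stand-ins assumed for the demonstration, and strcmp replaces the length-based comparison in the original.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for this example; not the krb5 types or API. */
#define LNAME_NOTRANS 1
struct princ { const char *realm; int ncomp; const char *comp[2]; };
static char *outstanding;  /* realm buffer allocated but not yet freed */
static char *get_default_realm(void) {
    char *r = malloc(sizeof "EXAMPLE.COM");
    if (r != NULL) { strcpy(r, "EXAMPLE.COM"); outstanding = r; }
    return r;
}
static void free_realm(char *r) { if (r == outstanding) outstanding = NULL; free(r); }

/* Control flow of the reported code: one early return skips the free. */
static int an_to_ln_leaky(const struct princ *p) {
    char *def_realm = get_default_realm();
    if (def_realm == NULL) return -1;
    if (strcmp(p->realm, def_realm) != 0) { free_realm(def_realm); return LNAME_NOTRANS; }
    if (p->ncomp != 1 && (p->ncomp != 2 || strcmp(p->comp[1], def_realm) != 0))
        return LNAME_NOTRANS;            /* def_realm is leaked here */
    free_realm(def_realm);
    return 0;
}

/* Same checks with a single exit, so every path releases def_realm. */
static int an_to_ln_fixed(const struct princ *p) {
    int ret = LNAME_NOTRANS;
    char *def_realm = get_default_realm();
    if (def_realm == NULL) return -1;
    if (strcmp(p->realm, def_realm) != 0) goto cleanup;
    if (p->ncomp != 1 && (p->ncomp != 2 || strcmp(p->comp[1], def_realm) != 0)) goto cleanup;
    ret = 0;
cleanup:
    free_realm(def_realm);
    return ret;
}

/* 1 if the call left its realm buffer unfreed (it is reclaimed here), else 0. */
static int leaked_by(int (*fn)(const struct princ *), const struct princ *p) {
    (void)fn(p);
    int leaked = (outstanding != NULL);
    if (leaked) free_realm(outstanding);
    return leaked;
}

int main(void) {
    struct princ three = { "EXAMPLE.COM", 3, { "a", "b" } };  /* wrong component count */
    return !(leaked_by(an_to_ln_leaky, &three) == 1 && leaked_by(an_to_ln_fixed, &three) == 0);
}
```

The same outcome can be checked on real code by running the error paths under a leak checker such as Valgrind or LeakSanitizer.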