From: ghudson@mit.edu
Subject: git commit

Fix several memory leaks in LDAP KDB modules

Fix memory leaks discovered by running valgrind over kdbtest, and some
related leaks. Many of them result from not calling ldap_msgfree
after an unsuccessful search (as the OpenLDAP documentation requires)
or after an exception following a search, so many of the fixes move or
add ldap_msgfree calls to cleanup labels.

ldap_osa_free_princ_ent was not used, and could not be used because it
frees the container while krb5_lookup_tl_kadm_data uses a
caller-allocated container. Change it to leave the container alone,
but to correctly destroy xdrs. Use it in krb5_ldap_put_principal
where princ_ent was leaked.

In krb5_ldap_put_principal, subtreelist is declared twice in interior
scopes and not properly freed; move it to function scope and free it
up in the cleanup label. Also in krb5_ldap_put_principal, avoid
decoding multiple KRB5_TL_KADM_DATA values (which we don't expect to
see) as later decodes would cause earlier decodes to leak.

In krb5_encode_krbsecretkey, fix a leak of the krb5_data container and
also add an error check when calling asn1_encode_sequence_of_keys;
otherwise we would dereference a null pointer if we run out of memory
encoding keys (very unlikely).

https://github.com/krb5/krb5/commit/bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Author: Greg Hudson <ghudson@mit.edu>
Commit: bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Branch: master
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 57 ++++++++++---------
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 9 ++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 11 +++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 4 +-
src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c | 3 +-
7 files changed, 51 insertions(+), 38 deletions(-)
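
The leak pattern named in the commit message (a search result not released when the search fails) next to the cleanup-label form, as an added example that is not code from the krb5 commit. fake_search, fake_msgfree and the live_msgs counter are hypothetical stand-ins for the LDAP client calls, so the example builds without an LDAP library.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the LDAP client calls; not OpenLDAP's API. */
typedef struct { int unused; } fake_msg;
static int live_msgs;   /* result messages allocated and not yet freed */

/* Models the contract the commit message cites: the caller owns the
 * result message and must free it even when the search reports failure. */
static int fake_search(int fail, fake_msg **res)
{
    *res = calloc(1, sizeof(**res));
    if (*res == NULL)
        return -1;
    live_msgs++;
    return fail ? 1 : 0;   /* constructed nonzero error code */
}

static void fake_msgfree(fake_msg *m)
{
    if (m != NULL) { free(m); live_msgs--; }
}

/* Before: the result is freed only on the success path. */
static int lookup_leaky(int fail)
{
    fake_msg *res = NULL;
    int st = fake_search(fail, &res);
    if (st != 0)
        return st;          /* early return: res is leaked */
    fake_msgfree(res);
    return 0;
}

/* After: every exit goes through the cleanup label, which frees res. */
static int lookup_fixed(int fail)
{
    fake_msg *res = NULL;
    int st = fake_search(fail, &res);
    if (st != 0)
        goto cleanup;
    /* ... read entries from res here; later errors also goto cleanup ... */
cleanup:
    fake_msgfree(res);      /* safe when res is NULL */
    return st;
}

/* Net number of result messages left allocated by one call to lookup. */
static int leaked_after(int (*lookup)(int), int fail)
{ int before = live_msgs; (void)lookup(fail); return live_msgs - before; }

int main(void)
{
    printf("leaky: %d\n", leaked_after(lookup_leaky, 1));
    printf("fixed: %d\n", leaked_after(lookup_fixed, 1));
    return 0;
}
```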