Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.8KiB

Fix several memory leaks in LDAP KDB modules

Fix memory leaks discovered by running valgrind over kdbtest, and some
related leaks. Many of them result from not calling ldap_msgfree
after an unsuccessful search (as the OpenLDAP documentation requires)
or after an exception following a search, so many of the fixes move or
add ldap_msgfree calls to cleanup labels.

ldap_osa_free_princ_ent was not used, and could not be used because it
frees the container while krb5_lookup_tl_kadm_data uses a
caller-allocated container. Change it to leave the container alone,
but to correctly destroy xdrs. Use it in krb5_ldap_put_principal
where princ_ent was leaked.

In krb5_ldap_put_principal, subtreelist is declared twice in interior
scopes and not properly freed; move it to function scope and free it
up in the cleanup label. Also in krb5_ldap_put_principal, avoiding
decoding multiple KBR5_TL_KADM_DATA values (which we don't expect to
see) as later decodes would cause earlier decodes to leak.

In krb5_encode_krbsecretkey, fix a leak of the krb5_data container and
also add an error check when calling asn1_encode_sequence_of_keys;
otherwise we would dereference a null pointer if we run out of memory
encoding keys (very unlikely).

https://github.com/krb5/krb5/commit/bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Author: Greg Hudson <ghudson@mit.edu>
Commit: bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Branch: master
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 57 ++++++++++---------
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 9 ++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 11 +++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 4 +-
src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c | 3 +-
7 files changed, 51 insertions(+), 38 deletions(-)
From: tlyu@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.9KiB

Fix several memory leaks in LDAP KDB modules

Fix memory leaks discovered by running valgrind over kdbtest, and some
related leaks. Many of them result from not calling ldap_msgfree
after an unsuccessful search (as the OpenLDAP documentation requires)
or after an exception following a search, so many of the fixes move or
add ldap_msgfree calls to cleanup labels.

ldap_osa_free_princ_ent was not used, and could not be used because it
frees the container while krb5_lookup_tl_kadm_data uses a
caller-allocated container. Change it to leave the container alone,
but to correctly destroy xdrs. Use it in krb5_ldap_put_principal
where princ_ent was leaked.

In krb5_ldap_put_principal, subtreelist is declared twice in interior
scopes and not properly freed; move it to function scope and free it
up in the cleanup label. Also in krb5_ldap_put_principal, avoiding
decoding multiple KBR5_TL_KADM_DATA values (which we don't expect to
see) as later decodes would cause earlier decodes to leak.

In krb5_encode_krbsecretkey, fix a leak of the krb5_data container and
also add an error check when calling asn1_encode_sequence_of_keys;
otherwise we would dereference a null pointer if we run out of memory
encoding keys (very unlikely).

(cherry picked from commit bfd2a69193ddc1b324d48a7da6455cfbda54fc09)

https://github.com/krb5/krb5/commit/37447050b6c9b92ac8c77da26984624ac43fdbc6
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 37447050b6c9b92ac8c77da26984624ac43fdbc6
Branch: krb5-1.12
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 57 ++++++++++---------
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 9 ++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 11 +++-
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 4 +-
src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c | 3 +-
7 files changed, 51 insertions(+), 38 deletions(-)