Subject: memleak in gssint_get_mechanism()
In gssint_get_mechanism() there is:

    if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 ||
        errinfo.code != 0) {
    #if 0
        (void) syslog(LOG_INFO, "libgss dlopen(%s): %s\n",
                      aMech->uLibName, dlerror());
    #endif
        k5_mutex_unlock(&g_mechListLock);
        return ((gss_mechanism)NULL);
    }

I think k5_clear_error(&errinfo) should be called before the return here
to avoid leaking memory allocated to errinfo. Here is the allocation
stack that leaks:

Found 4 leaked blocks with total size 334 bytes
At time of each allocation, the call stack was:
[1] vasprintf() at 0x7ff03ae9f130
[2] k5_vset_error() at line 56 in "errors.c"
[3] k5_set_error() at line 44 in "errors.c"
[4] krb5int_open_plugin() at line 187 in "plugins.c"
[5] gssint_get_mechanism() at line 1257 in "g_initialize.c"
[6] gss_add_cred_from() at line 383 in "g_acquire_cred.c"
[7] gss_acquire_cred_from() at line 186 in "g_acquire_cred.c"
[8] get_available_mechs() at line 3233 in "spnego_mech.c"

[wfiveash - Wed Feb 10 16:56:57 2016]:

> In gssint_get_mechanism() there is:
>
> if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 ||
> errinfo.code != 0) {
> #if 0
> (void) syslog(LOG_INFO, "libgss dlopen(%s): %s\n",
> aMech->uLibName, dlerror());
> #endif
> k5_mutex_unlock(&g_mechListLock);
> return ((gss_mechanism)NULL);
> }
>
> I think k5_clear_error(&errinfo) should be called before the return here
> to avoid leaking memory allocated to errinfo.

Also the call to krb5int_get_plugin_func() in gssint_get_mechanism() has
similar issues.
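
Added example, not code from the krb5 source or from the ticket: a small C model of the failure path discussed above, run once without and once with the clear call the report suggests. The names demo_errinfo, demo_open_plugin, demo_clear_error, get_mech and leaked_after are hypothetical stand-ins for the names in the report, and the library path is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for struct errinfo, k5_clear_error() and
 * krb5int_open_plugin(); they model message ownership only. */
struct demo_errinfo { long code; char *msg; };
static char *live[64]; static int nlive;  /* messages not yet cleared */

static void demo_clear_error(struct demo_errinfo *ep)
{
    for (int i = 0; i < nlive; i++)
        if (live[i] == ep->msg) { live[i] = live[--nlive]; break; }
    free(ep->msg);
    ep->msg = NULL;
}

/* Always fails (constructed case: the library cannot be loaded). */
static int demo_open_plugin(const char *path, void **dl, struct demo_errinfo *ep)
{
    *dl = NULL;
    ep->code = 2;
    if (nlive < 64 && (ep->msg = malloc(128)) != NULL) {
        snprintf(ep->msg, 128, "unable to load plugin %s", path);
        live[nlive++] = ep->msg;
    }
    return 2;
}

/* fix == 0: shape of the reported code; fix == 1: with the suggested call. */
static void *get_mech(const char *path, int fix)
{
    struct demo_errinfo errinfo = { 0, NULL };
    void *dl;
    if (demo_open_plugin(path, &dl, &errinfo) != 0 || errinfo.code != 0) {
        if (fix) demo_clear_error(&errinfo);
        return NULL;            /* without the clear, errinfo.msg is lost */
    }
    return dl;
}

/* Messages left allocated after n failed lookups (released before return). */
static int leaked_after(int n, int fix)
{
    int before = nlive, count;
    while (n-- > 0) (void)get_mech("/constructed/mech.so", fix);
    count = nlive - before;
    while (nlive > before) free(live[--nlive]);
    return count;
}

int main(void) { printf("%d %d\n", leaked_after(4, 0), leaked_after(4, 1)); return 0; }
```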