From: Seemant Choudhary <seemant@soha.io>
Date: Tue, 23 Aug 2016 12:18:33 -0700
Subject: Memory leak: [Kerberos V5 Release 1.14.3 : src/lib/krb5/krb/srv_dec_tkt..c]
To: krb5-bugs@mit.edu
The following patch fixes the problem. The issue can be reproduced by generating a keytab file with multiple encryption types. For example, on a Windows server use ktpass with enctype set to All to generate the keytab file.

--- /home/seemant/Downloads/krb5-1.14.3/src/lib/krb5/krb/srv_dec_tkt.c 2016-07-20 15:32:50.000000000 -0700
+++ srv_dec_tkt.c 2016-08-22 11:03:32.816586243 -0700
@@ -99,8 +99,11 @@
         retval = KRB5_KT_NOTFOUND;
         while ((code = krb5_kt_next_entry(context, keytab,
                                           &ktent, &cursor)) == 0) {
-            if (ktent.key.enctype != ticket->enc_part.enctype)
+            if (ktent.key.enctype != ticket->enc_part.enctype) {
+                /* We need to free the entry to avoid memory leak */
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
                 continue;
+            }
 
             retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
             if (retval == 0) {
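
Review bot: in the new enctype-mismatch branch the entry is released before `continue`, but the hunk's context stops at `if (retval == 0) {`, so it does not show whether ktent is also released when decrypt_ticket_keyblock() fails and the loop moves on to the next entry. Please confirm that every path through the loop body frees ktent before the next krb5_kt_next_entry() call overwrites it; a single free at the bottom of the body, reached from the mismatch case as well, would be easier to audit than one free per branch. Two smaller points: the comment restates the call and could instead say that the contents returned by krb5_kt_next_entry() are owned by the caller, and the diff headers use an absolute path on the old side and a bare filename on the new side, so the patch will not apply with -p1 from the top of the source tree.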

Thanks, I have confirmed this leak using kvno -k and a reordered keytab.
Is it okay to use "Seemant Choudhary <seemant@soha.io>" as the author field
of the git commit for the fix?
From: Seemant Choudhary <seemant@soha.io>
Subject: Re: [krbdev.mit.edu #8482] Memory leak: [Kerberos V5 Release 1.14.3 : src/lib/krb5/krb/srv_dec_tkt..c]
Date: Wed, 24 Aug 2016 09:52:17 -0700
To: rt-comment@krbdev.mit.edu
RT-Send-Cc:
Yes, you can use my name.

regards,
seemant

Sent from my iPhone

> On Aug 24, 2016, at 9:16 AM, Greg Hudson via RT <rt-comment@krbdev.mit.edu> wrote:
>
> Thanks, I have confirmed this leak using kvno -k and a reordered keytab.
> Is it okay to use "Seemant Choudhary <seemant@soha.io>" as the author field
> of the git commit for the fix?
From: ghudson@mit.edu
Subject: git commit

Fix leak in krb5_server_decrypt_ticket_keytab()

When we skip a keytab entry because it is of the wrong enctype, free
it before continuing.

https://github.com/krb5/krb5/commit/9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2
Author: Seemant Choudhary <seemant@soha.io>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2
Branch: master
src/lib/krb5/krb/srv_dec_tkt.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix leak in krb5_server_decrypt_ticket_keytab()

When we skip a keytab entry because it is of the wrong enctype, free
it before continuing.

(cherry picked from commit 9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2)

https://github.com/krb5/krb5/commit/84381ce2197ae41165ae479a503c51306660dc62
Author: Seemant Choudhary <seemant@soha.io>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 84381ce2197ae41165ae479a503c51306660dc62
Branch: krb5-1.14
src/lib/krb5/krb/srv_dec_tkt.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix leak in krb5_server_decrypt_ticket_keytab()

When we skip a keytab entry because it is of the wrong enctype, free
it before continuing.

(cherry picked from commit 9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2)

https://github.com/krb5/krb5/commit/2cd4ec15e28f669e650c71a52c2a755a982820e2
Author: Seemant Choudhary <seemant@soha.io>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 2cd4ec15e28f669e650c71a52c2a755a982820e2
Branch: krb5-1.13
src/lib/krb5/krb/srv_dec_tkt.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)