From tlyu@MIT.EDU Tue May 23 10:50:27 2000
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id KAA04351
for <bugs@RT-11.MIT.EDU>; Tue, 23 May 2000 10:50:27 -0400 (EDT)
Received: from SAINT-ELMOS-FIRE.MIT.EDU by MIT.EDU with SMTP
id AA16769; Tue, 23 May 00 10:50:27 EDT
Received: (from tlyu@localhost) by saint-elmos-fire.mit.edu (8.9.3)
id KAA05517; Tue, 23 May 2000 10:50:26 -0400 (EDT)
Message-Id: <200005222140.OAA03343@pasture.packeteer.com>
Date: Mon, 22 May 2000 14:40:55 -0700
From: Guy Riddle <guy@packeteer.com> (by way of tlyu@mit.edu)
Reply-To: ggr@packeteer.com
To: krb5-bugs@MIT.EDU
Subject: Library memory leaks
X-Send-Pr-Version: 3.99
System: Linux pasture 2.2.13 #103 SMP Wed Oct 20 22:04:16 CDT 1999 i686 unknown
Architecture: i686
krb5_decrypt_tkt_part fails, the routine returns without freeing the
krb5_keytab_entry ktent.
2. In function krb5_gss_accept_sec_context in accept_sec_context.c if
an error is encountered after the krb5_auth_context variable
auth_context is allocated but before the krb5_gss_ctx_id_rec ctx is
filled in, the code after the "fail:" label doesn't delete auth_context.
principal passwords.
2. after "fail:", if(auth_context && !ctx) then call krb5_auth_con_setrcache
and krb5_auth_con_free (as krb5_gss_delete_sec_context would have done).
Responsible-Changed-From-To: krb5-unassigned->epeisach
Responsible-Changed-By: epeisach
Responsible-Changed-When: Wed Oct 4 13:40:57 2000
Responsible-Changed-Why:
I have been tracking down memory leaks.
State-Changed-From-To: open-feedback
State-Changed-By: epeisach
State-Changed-When: Fri Oct 13 17:08:22 2000
State-Changed-Why:
I am sending mail. The fixes are ok.
From: Ezra Peisach <epeisach@MIT.EDU>
To: ggr@packeteer.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/855: Two library routines leak memory under error conditions
Date: Wed, 4 Oct 2000 13:54:15 -0400
Hi,
I'm sorry for the long delay of no-one getting back to you about your
reported memory leaks.
With regard to krb5_rd_req_decrypt_tkt_part - you are correct. Obvious fix.
The krb5_gss_accept_sec_context is a little more convoluted.
You said:
I think this is correct. I will need to do some testing to verify the
fact - but I can see the writing on the wall...
Ezra
State-Changed-From-To: feedback-closed
State-Changed-By: epeisach
State-Changed-When: Tue Jan 30 16:15:52 2001
State-Changed-Why:
The patches are correct and will be in a future release.
From: Ezra Peisach <epeisach@MIT.EDU>
To: ggr@packeteer.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/855: Two library routines leak memory under error conditions
Date: Fri, 13 Oct 2000 17:12:20 -0400
Here are the patches - do you agree?
Index: rd_req_dec.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_req_dec.c,v
retrieving revision 5.65
retrieving revision 5.66
diff -c -r5.65 -r5.66
*** rd_req_dec.c 1999/09/24 21:19:39 5.65
--- rd_req_dec.c 2000/10/04 18:09:59 5.66
***************
*** 83,90 ****
enctype, &ktent)))
return retval;
! if ((retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket)))
! return retval;
(void) krb5_kt_free_entry(context, &ktent);
return retval;
--- 83,90 ----
enctype, &ktent)))
return retval;
! retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
! /* If error, we will return after freeing memory */
(void) krb5_kt_free_entry(context, &ktent);
return retval;
Index: accept_sec_context.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/gssapi/krb5/accept_sec_context.c,v
retrieving revision 1.55
retrieving revision 1.57
diff -c -r1.55 -r1.57
*** accept_sec_context.c 2000/09/22 17:42:43 1.55
--- accept_sec_context.c 2000/10/04 20:18:46 1.57
***************
*** 743,748 ****
--- 743,753 ----
free(ctypes);
if (authdat)
krb5_free_authenticator(context, authdat);
+ /* The ctx structure has the handle of the auth_context */
+ if (auth_context && !ctx) {
+ (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+ krb5_auth_con_free(context, auth_context);
+ }
if (reqcksum.contents)
xfree(reqcksum.contents);
if (ap_rep.data)
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id KAA04351
for <bugs@RT-11.MIT.EDU>; Tue, 23 May 2000 10:50:27 -0400 (EDT)
Received: from SAINT-ELMOS-FIRE.MIT.EDU by MIT.EDU with SMTP
id AA16769; Tue, 23 May 00 10:50:27 EDT
Received: (from tlyu@localhost) by saint-elmos-fire.mit.edu (8.9.3)
id KAA05517; Tue, 23 May 2000 10:50:26 -0400 (EDT)
Message-Id: <200005222140.OAA03343@pasture.packeteer.com>
Date: Mon, 22 May 2000 14:40:55 -0700
From: Guy Riddle <guy@packeteer.com> (by way of tlyu@mit.edu)
Reply-To: ggr@packeteer.com
To: krb5-bugs@MIT.EDU
Subject: Library memory leaks
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 855
>Category: krb5-libs
>Synopsis: Two library routines leak memory under error conditions
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: epeisach
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 23 10:51:00 EDT 2000
>Last-Modified: Tue Jan 30 16:17:00 EST 2001
>Originator: Guy Riddle
>Organization:
Packeteer>Category: krb5-libs
>Synopsis: Two library routines leak memory under error conditions
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: epeisach
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 23 10:51:00 EDT 2000
>Last-Modified: Tue Jan 30 16:17:00 EST 2001
>Originator: Guy Riddle
>Organization:
Show quoted text
>Release: krb5-1.1.1
>Environment:
embedded>Environment:
System: Linux pasture 2.2.13 #103 SMP Wed Oct 20 22:04:16 CDT 1999 i686 unknown
Architecture: i686
Show quoted text
>Description:
1. In function krb5_rd_req_decrypt_tkt_part in rd_req_dec.c if the call tokrb5_decrypt_tkt_part fails, the routine returns without freeing the
krb5_keytab_entry ktent.
2. In function krb5_gss_accept_sec_context in accept_sec_context.c if
an error is encountered after the krb5_auth_context variable
auth_context is allocated but before the krb5_gss_ctx_id_rec ctx is
filled in, the code after the "fail:" label doesn't delete auth_context.
Show quoted text
>How-To-Repeat:
Occurs in cases of principal mismatches and incorrect serverprincipal passwords.
Show quoted text
>Fix:
1. remove the return if krb5_decrypt_tkt_part fails.2. after "fail:", if(auth_context && !ctx) then call krb5_auth_con_setrcache
and krb5_auth_con_free (as krb5_gss_delete_sec_context would have done).
Show quoted text
>Audit-Trail:
Responsible-Changed-From-To: krb5-unassigned->epeisach
Responsible-Changed-By: epeisach
Responsible-Changed-When: Wed Oct 4 13:40:57 2000
Responsible-Changed-Why:
I have been tracking down memory leaks.
State-Changed-From-To: open-feedback
State-Changed-By: epeisach
State-Changed-When: Fri Oct 13 17:08:22 2000
State-Changed-Why:
I am sending mail. The fixes are ok.
From: Ezra Peisach <epeisach@MIT.EDU>
To: ggr@packeteer.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/855: Two library routines leak memory under error conditions
Date: Wed, 4 Oct 2000 13:54:15 -0400
Hi,
I'm sorry for the long delay of no-one getting back to you about your
reported memory leaks.
With regard to krb5_rd_req_decrypt_tkt_part - you are correct. Obvious fix.
The krb5_gss_accept_sec_context is a little more convoluted.
You said:
Show quoted text
> 2. after "fail:", if(auth_context && !ctx) then call krb5_auth_con_setrcache
> and krb5_auth_con_free (as krb5_gss_delete_sec_context would have done).
> and krb5_auth_con_free (as krb5_gss_delete_sec_context would have done).
I think this is correct. I will need to do some testing to verify the
fact - but I can see the writing on the wall...
Ezra
State-Changed-From-To: feedback-closed
State-Changed-By: epeisach
State-Changed-When: Tue Jan 30 16:15:52 2001
State-Changed-Why:
The patches are correct and will be in a future release.
From: Ezra Peisach <epeisach@MIT.EDU>
To: ggr@packeteer.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/855: Two library routines leak memory under error conditions
Date: Fri, 13 Oct 2000 17:12:20 -0400
Here are the patches - do you agree?
Index: rd_req_dec.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_req_dec.c,v
retrieving revision 5.65
retrieving revision 5.66
diff -c -r5.65 -r5.66
*** rd_req_dec.c 1999/09/24 21:19:39 5.65
--- rd_req_dec.c 2000/10/04 18:09:59 5.66
***************
*** 83,90 ****
enctype, &ktent)))
return retval;
! if ((retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket)))
! return retval;
(void) krb5_kt_free_entry(context, &ktent);
return retval;
--- 83,90 ----
enctype, &ktent)))
return retval;
! retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
! /* If error, we will return after freeing memory */
(void) krb5_kt_free_entry(context, &ktent);
return retval;
Index: accept_sec_context.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/gssapi/krb5/accept_sec_context.c,v
retrieving revision 1.55
retrieving revision 1.57
diff -c -r1.55 -r1.57
*** accept_sec_context.c 2000/09/22 17:42:43 1.55
--- accept_sec_context.c 2000/10/04 20:18:46 1.57
***************
*** 743,748 ****
--- 743,753 ----
free(ctypes);
if (authdat)
krb5_free_authenticator(context, authdat);
+ /* The ctx structure has the handle of the auth_context */
+ if (auth_context && !ctx) {
+ (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+ krb5_auth_con_free(context, auth_context);
+ }
if (reqcksum.contents)
xfree(reqcksum.contents);
if (ap_rep.data)
Show quoted text
>Unformatted: