Ticket History #8693: Resource leak in domain_fallback

# Thu Jun 14 10:37:54 2018 Bean Zhang <bean.zhang@wesoft.com> - Ticket created

From:	Bean Zhang <bean.zhang@wesoft.com>
To:	"krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject:	Resource leak in domain_fallback_realm()
Date:	Thu, 14 Jun 2018 09:10:29 +0000

Download (untitled) / with headers
text/plain 414B

Download (untitled) / with headers
text/html 2.5KiB

Hi Team,

In krb5-1.16.1/src/lib/krb5/os/hostrealm_domain.c,

domain_fallback_realm() assigns the storage returned from strdup() to uhost,

but later if calling profile_get_integer() fails, this function returns without freeing the storage uhost points to.

The fix is simple, just call "goto cleanup" instead of "return ret" if calling profile_get_integer() fails.

Could someone help to take a look?

Thanks,

Bean

# Fri Jun 15 11:08:16 2018 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Fri Jun 15 11:08:16 2018 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'resolved'

# Fri Jun 15 11:08:16 2018 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 506B

Fix minor leak in krb5_get_fallback_host_realm()

In domain_fallback_realm(), if profile_get_integer() fails, uhost is
leaked. Fix this bug by using the cleanup handler instead of
returning immediately. Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/80ea4fe833c72e3be47509a3216eee726c5fdb26
Author: Greg Hudson <ghudson@mit.edu>
Commit: 80ea4fe833c72e3be47509a3216eee726c5fdb26
Branch: master
src/lib/krb5/os/hostrealm_domain.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

# Sat Oct 27 11:45:53 2018 ghudson@mit.edu (Greg Hudson) - Version_Fixed 1.17 added

Ticket History #8693: Resource leak in domain_fallback_realm()