Skip Menu |
 

History Show all quoted textShow full headers
# Fri Jun 15 10:51:19 2018 Bean Zhang <bean.zhang@centrify.com> - Ticket created
From: Bean Zhang <bean.zhang@centrify.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Resource leak in krb5_gss_inquire_cred()
Date: Fri, 15 Jun 2018 08:18:10 +0000
Download (untitled) / with headers
text/plain 428B
Download (untitled) / with headers
text/html 871B
Hi Team,

krb5_gss_inquire_cred() in krb5-1.16.1/src/lib/gssapi/krb5/inq_cred.c
calls generic_gss_create_empty_oid_set() to create a empty oid set and store allocated memory to pointer "mechs"
but later if the code run into "goto fail", the storage mechs points to will not be freed when leaves this function.

The fix is to call gssalloc_free(mechs) in fail label.

Could someone help to take a look?

Thanks,
Bean
# Tue Jun 19 11:00:34 2018 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)
# Tue Jun 19 11:00:34 2018 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'resolved'
# Tue Jun 19 11:00:34 2018 ghudson@mit.edu (Greg Hudson) - Correspondence added
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 609B

Fix minor leak in krb5_gss_inquire_cred()

If mechs is created but one of the generic_gss_add_oid_set_member()
calls fails, it leaks. Initialize mechs and free it in the fail
label. Also null mechs when we transfer ownership of it to the
caller, in case we later unify the success and failure exit paths.
Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/46972c0664b7cfd70c40370c22e604efc0225e14
Author: Greg Hudson <ghudson@mit.edu>
Commit: 46972c0664b7cfd70c40370c22e604efc0225e14
Branch: master
src/lib/gssapi/krb5/inq_cred.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
# Sat Oct 27 11:45:53 2018 ghudson@mit.edu (Greg Hudson) - Version_Fixed 1.17 added