Ticket History #8698: Resource leak in aname

# Fri Jun 15 10:51:20 2018 Bean Zhang <bean.zhang@centrify.com> - Ticket created

From:	Bean Zhang <bean.zhang@centrify.com>
To:	"krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject:	Resource leak in aname_replacer()
Date:	Fri, 15 Jun 2018 09:12:40 +0000

Download (untitled) / with headers
text/plain 387B

Download (untitled) / with headers
text/html 850B

Hi Team,

aname_replacer() in krb5-1.16.1/src/lib/krb5/os/localauth_rule.c

assigns a allocated memory by calling strdup() to pointer current,

later if runs into any "goto cleanup", the allocated momory

"current" points to will not be freed when leaves this function.

The fix is to call free(current) before "goto cleanup".

Could someone help to take a look?

Thanks,

Bean

# Tue Jun 19 10:51:20 2018 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'resolved'

# Tue Jun 19 10:51:20 2018 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Tue Jun 19 10:51:20 2018 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 493B

Fix minor leak in localauth RULE handling

In aname_replacer(), initialize current, null it when transferring
ownership to the caller, and free it on cleanup. Otherwise it leaks
on failure. Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/dbc2ccd6d9ff546e2f4af54898c952ffa4eebf44
Author: Greg Hudson <ghudson@mit.edu>
Commit: dbc2ccd6d9ff546e2f4af54898c952ffa4eebf44
Branch: master
src/lib/krb5/os/localauth_rule.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

# Sat Oct 27 11:45:53 2018 ghudson@mit.edu (Greg Hudson) - Version_Fixed 1.17 added

Ticket History #8698: Resource leak in aname_replacer()