From: Bean Zhang <bean.zhang@centrify.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Resource leak in ulog_map()
Date: Wed, 20 Jun 2018 02:07:54 +0000

Hi Team,

In ulog_map() of krb5-1.16.1/src/lib/kdb/kdb_log.c, the call to mmap() returns a pointer to the mapped area, which is assigned to ulog. Later, if k5alloc() fails, this function returns without unmapping the mapped area that ulog points to.

The fix is to call "munmap(ulog)" if this function returns on k5alloc() failure.

Could someone help to take a look?

Thanks,
Bean

From: ghudson@mit.edu
Subject: git commit

Improve ulog memory hygiene

Add a helper create_log_context() to initialize a krb5_context's
kdblog_context field, setting ulogfd to -1. Use it in ulog_set_role()
and ulog_map(). In ulog_fini(), release ulogfd if it is not -1.

In ulog_map(), add a cleanup label and use it to finalize the log
context on failure, so that we don't (trivially) leak the mapped ulog.
To reduce the number of "retval = errno;" statements required for this
change, make extend_file_to() return a krb5_error_code.

The ulog leak on error was reported by Bean Zhang.

https://github.com/krb5/krb5/commit/7aff2511c0dab5c51b1155ca2952521ffb925fc5
Author: Greg Hudson <ghudson@mit.edu>
Commit: 7aff2511c0dab5c51b1155ca2952521ffb925fc5
Branch: master
src/lib/kdb/kdb_log.c | 125 +++++++++++++++++++++++++-----------------------
src/slave/kproplog.c | 4 +-
2 files changed, 68 insertions(+), 61 deletions(-)