Skip Menu |

From: Bean Zhang <>
To: "" <>
Subject: Resource leak in ktutil_add()
Date: Thu, 11 Oct 2018 12:52:13 +0000

Hi Team,


In ktutil_add() of krb5-1.16.1/src/kadmin/ktutil/ktutil_funcs.c,

In the first 3 places to call malloc(), if the first place calling malloc() succeeds,

then the 2nd or 3rd place fails, it just returns ENOMEM without freeing the memory allocated in first place.


Could someone help to take a look?





Subject: git commit

Fix multiple leaks in ktutil addent

In ktutil_add(), free allocations on success as well as failure.
Change all early returns to jumps to the cleanup label. Free the
password buffer and unparsed principal name. Do list manipulation as
the final step to simplify cleanup. Reported by Bean Zhang.
Author: Greg Hudson <>
Commit: 76053d61fecfec8c5ea31c74bec73d2846b5effe
Branch: master
src/kadmin/ktutil/ktutil_funcs.c | 96 +++++++++++++++----------------------
1 files changed, 39 insertions(+), 57 deletions(-)