From: Bean Zhang <bean.zhang@wesoft.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Resource leak in ktutil_add()
Date: Thu, 11 Oct 2018 12:52:13 +0000

Hi Team,

In ktutil_add() of krb5-1.16.1/src/kadmin/ktutil/ktutil_funcs.c, in the first 3 places that call malloc(), if the first call to malloc() succeeds and then the 2nd or 3rd one fails, it just returns ENOMEM without freeing the memory allocated in the first place.

Could someone help to take a look?

Thanks,
Bean

From: ghudson@mit.edu
Subject: git commit

Fix multiple leaks in ktutil addent

In ktutil_add(), free allocations on success as well as failure.
Change all early returns to jumps to the cleanup label. Free the
password buffer and unparsed principal name. Do list manipulation as
the final step to simplify cleanup. Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/76053d61fecfec8c5ea31c74bec73d2846b5effe
Author: Greg Hudson <ghudson@mit.edu>
Commit: 76053d61fecfec8c5ea31c74bec73d2846b5effe
Branch: master
src/kadmin/ktutil/ktutil_funcs.c | 96 +++++++++++++++----------------------
1 files changed, 39 insertions(+), 57 deletions(-)
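
The leak pattern from the report and the cleanup-label structure the commit message describes, as an added C example that is not krb5's code: `struct node`, `add_leaky()`, `add_fixed()`, `leaked()` and the counting allocator `xalloc()`/`xfree()` are hypothetical names, and the principal string is constructed sample input.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
static int live, calls, fail_at;   /* constructed test allocator state */
static void *xalloc(size_t n) {    /* fails the fail_at-th call, counts live blocks */
    void *p = (++calls == fail_at) ? NULL : calloc(1, n);
    if (p != NULL) live++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { live--; free(p); } }
struct node { char *name; struct node *next; };   /* hypothetical list entry */

/* Leaky shape: early returns, nothing released on any path. */
static int add_leaky(struct node **list, const char *name) {
    struct node *n = xalloc(sizeof(*n));
    if (n == NULL) return ENOMEM;
    n->name = xalloc(strlen(name) + 1);
    if (n->name == NULL) return ENOMEM;            /* leaks n */
    char *scratch = xalloc(64);                    /* stand-in temporary buffer */
    if (scratch == NULL) return ENOMEM;            /* leaks n and n->name */
    strcpy(n->name, name);
    n->next = *list; *list = n;
    return 0;                                      /* leaks scratch */
}

/* Fixed shape: every exit goes through cleanup; linking is the last step. */
static int add_fixed(struct node **list, const char *name) {
    int ret = ENOMEM;
    char *scratch = NULL;
    struct node *n = xalloc(sizeof(*n));
    if (n == NULL) goto cleanup;
    n->name = xalloc(strlen(name) + 1);
    if (n->name == NULL) goto cleanup;
    scratch = xalloc(64);
    if (scratch == NULL) goto cleanup;
    strcpy(n->name, name);
    n->next = *list; *list = n;
    n = NULL;                                      /* the list owns the node now */
    ret = 0;
cleanup:
    xfree(scratch);
    if (n != NULL) { xfree(n->name); xfree(n); }
    return ret;
}
/* Blocks left with no owner when the nth allocation fails (0 = none fail). */
static int leaked(int (*add)(struct node **, const char *), int nth) {
    struct node *list = NULL;
    live = calls = 0; fail_at = nth;
    return add(&list, "host/a@EXAMPLE") == 0 ? live - 2 : live;
}
```

Because the node is linked only after the last fallible step, the cleanup path never has to unlink anything, and clearing `n` after the hand-off keeps the shared cleanup from freeing memory the list now owns.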