
List:       krb5-bugs
Subject:    [krbdev.mit.edu #5442] memory leak in gss_accept_sec_context()
From:       "Public Submitter via RT" <rt-comment () krbdev ! mit ! edu>
Date:       2007-10-28 9:11:08
Message-ID: rt-5442-25634.9.39236792050465 () krbdev ! mit ! edu

[guest - Tue Jul  3 17:17:57 2007]:

> Actually, reviewing my patch a little bit, it seems that I released
> the cred which then goes on to be used in the error case.  A not
> terribly elegant fix to this would be to duplicate the release code
> above the fail: label and leave the existing code at the tail of the
> function...

I've encountered the same leak, I'm using the following patch right now:
Would be really nice if this would be fixed in a future krb5 release :)

--- sources/k/krb5/src/lib/gssapi/krb5/accept_sec_context.c	2007/10/17
12:44:54	1.1.1.1
+++ sources/k/krb5/src/lib/gssapi/krb5/accept_sec_context.c	2007/10/28
08:39:09	1.1.1.1.2.1
@@ -903,6 +903,8 @@ krb5_gss_accept_sec_context(minor_status
 
    if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
        ctx->k5_context = context;
+       if (!verifier_cred_handle && cred_handle)
+	   krb5_gss_release_cred(minor_status, &cred_handle);
        return(major_status);
    }
 
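Review bot: The new condition `!verifier_cred_handle && cred_handle` ahead of `return(major_status);` infers that the credential was acquired inside this function purely from the caller having passed no verifier credential, and nothing in the hunk says so. A short comment stating that invariant, or a local flag set at the point where the default credential is acquired, would make the ownership rule explicit and keep a caller-supplied credential from ever being released here. The added `if` is also indented with spaces while the call under it uses a tab; match the whitespace of the neighbouring lines.
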
@@ -938,6 +940,8 @@ krb5_gss_accept_sec_context(minor_status
 	   
        if (decode_krb5_ap_req(&ap_req, &request)) {
 	   krb5_free_context(context);
+	   if (!verifier_cred_handle && cred_handle)
+	       krb5_gss_release_cred(minor_status, &cred_handle);
 	   return (major_status);
        }
        if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
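
Review bot: In the `decode_krb5_ap_req` failure branch the cleanup call is handed the caller's `minor_status`, so `krb5_gss_release_cred(minor_status, &cred_handle)` overwrites whatever minor code had been set for the failure that `return (major_status);` reports. Pass a local OM_uint32 to the release call instead, and ignore its result deliberately, so the original minor status still reaches the caller.
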
@@ -969,6 +973,8 @@ krb5_gss_accept_sec_context(minor_status
        code = krb5_mk_error(context, &krb_error_data, &scratch);
        if (code) {
 	   krb5_free_context(context);
+	   if (!verifier_cred_handle && cred_handle)
+	       krb5_gss_release_cred(minor_status, &cred_handle);
 	   return (major_status);
        }
 
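Review bot: In the `krb5_mk_error` failure branch the credential is released only after `krb5_free_context(context);` has run. The release call takes no context argument in these lines, so this may be harmless, but releasing the credential first and freeing the context last avoids relying on that, and it is worth confirming that nothing reachable from `cred_handle` still refers to the freed context.
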
@@ -979,6 +985,8 @@ krb5_gss_accept_sec_context(minor_status
        token.value = (unsigned char *) xmalloc(token.length);
        if (!token.value) {
 	   krb5_free_context(context);
+	   if (!verifier_cred_handle && cred_handle)
+	       krb5_gss_release_cred(minor_status, &cred_handle);
 	   return (major_status);
        }
 
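Review bot: The `!token.value` branch is the fourth copy of the same two-line release in this patch, and each return site has to remember it separately. Consider routing these exits through one shared cleanup block (the quoted message above already mentions the `fail:` label), so that a return added later cannot reintroduce the leak.
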
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs