>From krb5-bugs-incoming-bounces at PCH.mit.edu Mon Oct 30 18:37:08 2006
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id SAA02615; Mon, 30 Oct 2006 18:37:07 -0500 (EST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9UNabev022521;
Mon, 30 Oct 2006 18:36:37 -0500
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id k9UMHPvL031674
for <krb5-bugs-incoming at PCH.mit.edu>; Mon, 30 Oct 2006 17:17:25 -0500
Received: from mit.edu (W92-130-BARRACUDA-2.MIT.EDU [18.7.21.223])
by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
k9UMHAqZ009044
for <krb5-bugs at mit.edu>; Mon, 30 Oct 2006 17:17:10 -0500 (EST)
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
by mit.edu (Spam Firewall) with ESMTP id F085E2775E6
for <krb5-bugs at mit.edu>; Mon, 30 Oct 2006 17:17:09 -0500 (EST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
[172.16.52.254])
by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
k9UMH9JB011113
for <krb5-bugs at mit.edu>; Mon, 30 Oct 2006 17:17:09 -0500
Received: from localhost.localdomain (sparky.boston.redhat.com [172.16.80.55])
by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id
k9UMH8Eo024205
for <krb5-bugs at mit.edu>; Mon, 30 Oct 2006 17:17:09 -0500
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by localhost.localdomain (8.13.8/8.13.8) with ESMTP id k9UM2lYY008021
for <krb5-bugs at mit.edu>; Mon, 30 Oct 2006 17:02:47 -0500
Received: (from nalin at localhost)
by localhost.localdomain (8.13.8/8.13.8/Submit) id k9UM2l29008020;
Mon, 30 Oct 2006 17:02:47 -0500
Date: Mon, 30 Oct 2006 17:02:47 -0500
From: Nalin Dahyabhai <nalin at redhat.com>
Message-Id: <200610302202.k9UM2l29008020 at localhost.localdomain>
To: krb5-bugs at mit.edu
X-send-pr-version: 3.99
X-Spam-Score: 0.95
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Mon, 30 Oct 2006 18:36:36 -0500
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: nalin at redhat.com
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu
>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization: Red Hat
>Confidential: no
>Synopsis: leaks in preauth plugin support
>Severity: non-critical
>Priority: low
>Category: krb5-libs
>Class: sw-bug
>Release: pre-1.6
>Environment:
System: Linux sparky 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 athlon i386 GNU/Linux
Architecture: i686
>Description:
The list of plugin vtables returned by krb5int_get_plugin_dir_data()
isn't getting freed, either in the client library or in the KDC.
>Fix:
Index: src/kdc/kdc_preauth.c
===================================================================
--- src/kdc/kdc_preauth.c (revision 18750)
+++ src/kdc/kdc_preauth.c (working copy)
@@ -349,6 +352,7 @@
* leave room for a terminator entry. */
preauth_systems = malloc(sizeof(krb5_preauth_systems) * (module_count + 1));
if (preauth_systems == NULL) {
+ krb5int_free_plugin_dir_data(preauth_plugins_ftables);
return ENOMEM;
}
@@ -414,6 +418,7 @@
}
}
}
+ krb5int_free_plugin_dir_data(preauth_plugins_ftables);
n_preauth_systems = k;
/* Add the end-of-list marker. */
preauth_systems[k].name = "[end]";
Index: src/lib/krb5/krb/preauth2.c
===================================================================
--- src/lib/krb5/krb/preauth2.c (revision 18750)
+++ src/lib/krb5/krb/preauth2.c (working copy)
@@ -167,11 +167,13 @@
/* allocate the space we need */
context = malloc(sizeof(*context));
if (context == NULL) {
+ krb5int_free_plugin_dir_data(tables);
return;
}
context->modules = malloc(sizeof(context->modules[0]) * n_modules);
if (context->modules == NULL) {
free(context);
+ krb5int_free_plugin_dir_data(tables);
return;
}
memset(context->modules, 0, sizeof(context->modules[0]) * n_modules);
@@ -216,6 +219,7 @@
}
}
+ krb5int_free_plugin_dir_data(tables);
/* return the result */
*preauth_context = context;
}