[krbdev.mit.edu #6793] memory leak
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Wed Oct 6 19:09:11 EDT 2010
If I'm understanding things right, objects should only be added to the
internal database if they are going to be passed out in output
parameters. Both instances of kg_init_name in acquire_cred.c are called
on cred->name which is an internal object and which is not passed out.
I checked krb5_gss_release_cred which does not use KG_INIT_NAME_INTERN
when releasing cred->name. I also looked at krb5_gss_inquire_cred to
see what it does and, if it passes back the name, it calls
kg_duplicate_name with KG_INIT_NAME_INTERN set. As best I can
determine, cred->name is strictly an internal object and the
kg_init_name calls on it should not set KG_INIT_NAME_INTERN.
More information about the krb5-bugs
mailing list