[krbdev.mit.edu #6800] memory leak in kg_new_connection

The RT System itself via RT rt-comment at krbdev.mit.edu
Thu Oct 7 14:09:58 EDT 2010


From: Julien Chaffraix <julien.chaffraix at gmail.com>
Date: Thu, 7 Oct 2010 10:12:11 -0700
Message-ID: <AANLkTimtCZ8a-aFbv-kOhgb+h+=8-igizi4=XE3hfNda at mail.gmail.com>
Subject: memory leak in kg_new_connection
To: krb5-bugs at mit.edu

>Submitter-Id:  net
>Originator:    Julien Chaffraix
>Organization: Individual
>Confidential: no
>Synopsis:  memory leak in kg_new_connection
>Severity:  non-critical
>Priority: medium
>Category:  krb5-libs
>Class:     sw-bug
>Release:   1.9-prerelease
>Environment:
System: Linux squirrel 2.6.32-25-generic #44-Ubuntu SMP Fri Sep 17
20:26:08 UTC 2010 i686 GNU/Linux
>Description:
(Note: this is a resend as krb5-send-pr does not seem to be working on
my machine)

The function kg_new_connection calls get_credential which allocates a
krb5_creds structure and stores it in |k_cred|. The successful path -
the 2 early returns at the end of the function - does not free this
memory.

>How-To-Repeat:
Make kg_new_connection return GSS_S_CONTINUE_NEEDED or GSS_S_COMPLETE.
I don't have a reduced test case for that.

>Fix:

Following patch fixes the leak:


Index: src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/init_sec_context.c  (revision 24355)
+++ src/lib/gssapi/krb5/init_sec_context.c  (working copy)
@@ -694,10 +694,10 @@

     /* return successfully */

-    *minor_status = 0;
     if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
         ctx->established = 0;
-        return(GSS_S_CONTINUE_NEEDED);
+        major_status = GSS_S_CONTINUE_NEEDED;
+        goto cleanup;
     } else {
         ctx->seq_recv = ctx->seq_send;
         g_order_init(&(ctx->seqstate), ctx->seq_recv,
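Review bot: With `*minor_status = 0;` dropped at the top of the success block, both success branches now reach `cleanup:` and report `*minor_status = code;`, so a successful return carries a zero minor status only if `code` is 0 at this point, which these lines do not show. Set `code = 0;` before the `if`, or keep the explicit zero on the success path, so the reported minor status does not depend on whichever call last wrote `code`.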
@@ -705,11 +705,11 @@
                      (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
         ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
         ctx->established = 1;
-        return(GSS_S_COMPLETE);
+        major_status = GSS_S_COMPLETE;
+        goto cleanup;
     }

 fail:
-    krb5_free_creds(context, k_cred);
     if (ctx_free) {
         if (ctx_free->auth_context)
             krb5_auth_con_free(context, ctx_free->auth_context);
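Review bot: The `goto cleanup;` that closes the `else` branch here, like the one in the `if` branch of the previous hunk, is now the only thing keeping the success path from running into `fail:`. Since both branches end the same way, a single `goto cleanup;` after the closing brace of the `if`/`else` would state that once and would still hold if another branch is added later.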
@@ -723,7 +723,9 @@
     } else
         (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);

+cleanup:
     *minor_status = code;
+    krb5_free_creds(context, k_cred);
     return (major_status);
 }
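Review bot: `cleanup:` sits directly after the `else` that ends the `fail:` block, so the failure path now frees `k_cred` only by falling through the label, and nothing in the code says so. A short comment at the label noting that `fail:` falls through into it would keep a later `return` added at the end of the failure block from reintroducing the leak on that path.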




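The leak described in this report and the single-exit shape of the proposed fix, reduced to a model that counts outstanding allocations. This is an added example, not code from the report or from krb5: `get_cred`, `free_cred`, `connect_leaky`, `connect_single_exit`, the status enum and the error values 5 and 12 are all constructed stand-ins.

```c
#include <stdlib.h>
/* Constructed model; every name here is a hypothetical stand-in, not krb5 code. */
enum { ST_COMPLETE, ST_CONTINUE_NEEDED, ST_FAILURE };
static int live_creds;                  /* credentials allocated but not freed */

static int get_cred(int **out)          /* plays the role of get_credential */
{
    if ((*out = malloc(sizeof(**out))) == NULL)
        return 12;                      /* constructed error code */
    live_creds++;
    return 0;
}

static void free_cred(int *c) { if (c) { live_creds--; free(c); } }

/* Before: the credential is released only under fail:. */
int connect_leaky(int mutual, int inject_error, int *minor)
{
    int *cred = NULL, code = get_cred(&cred);
    if (code == 0 && inject_error)
        code = 5;                       /* constructed later failure */
    if (code != 0)
        goto fail;
    *minor = 0;
    if (mutual)
        return ST_CONTINUE_NEEDED;      /* early return: cred never freed */
    return ST_COMPLETE;                 /* early return: cred never freed */
fail:
    free_cred(cred);
    *minor = code;
    return ST_FAILURE;
}

/* After: one exit; code is still 0 on success, so *minor is 0 there too. */
int connect_single_exit(int mutual, int inject_error, int *minor)
{
    int *cred = NULL, code = get_cred(&cred), major = ST_FAILURE;
    if (code == 0 && inject_error)
        code = 5;
    if (code != 0)
        goto cleanup;
    major = mutual ? ST_CONTINUE_NEEDED : ST_COMPLETE;
cleanup:
    free_cred(cred);                    /* runs on success and on failure */
    *minor = code;
    return major;
}

int creds_outstanding(void) { return live_creds; }
```
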