svn rev #24649: branches/krb5-1-9/src/lib/gssapi/krb5/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Feb 22 23:36:54 EST 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24649
Commit By: tlyu
Log Message:
ticket: 6800
version_fixed: 1.9.1
status: resolved
pull up r24646 from trunk
------------------------------------------------------------------------
r24646 | ghudson | 2011-02-22 16:06:23 -0500 (Tue, 22 Feb 2011) | 8 lines
ticket: 6800
target_version: 1.9.1
tags: pullup
Fix a memory leak introduced in r23926 where k_cred was not freed on
successful return from kg_new_connection(). Reported by Julien
Chaffraix.
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c
Modified: branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c 2011-02-22 22:17:31 UTC (rev 24648)
+++ branches/krb5-1-9/src/lib/gssapi/krb5/init_sec_context.c 2011-02-23 04:36:53 UTC (rev 24649)
@@ -575,7 +575,7 @@
ctx->magic = KG_CONTEXT;
ctx_free = ctx;
if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
- goto fail;
+ goto cleanup;
krb5_auth_con_setflags(context, ctx->auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
@@ -583,7 +583,7 @@
if (cred->req_enctypes) {
if ((code = krb5_set_default_tgs_enctypes(context,
cred->req_enctypes))) {
- goto fail;
+ goto cleanup;
}
}
@@ -602,7 +602,7 @@
ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
if ((code = krb5_timeofday(context, &now)))
- goto fail;
+ goto cleanup;
if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
ctx->krb_times.endtime = 0;
@@ -611,15 +611,15 @@
}
if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here)))
- goto fail;
+ goto cleanup;
if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, 0, &ctx->there)))
- goto fail;
+ goto cleanup;
code = get_credentials(context, cred, ctx->there, now,
ctx->krb_times.endtime, &k_cred);
if (code)
- goto fail;
+ goto cleanup;
ctx->krb_times = k_cred->times;
@@ -634,7 +634,7 @@
if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
!= GSS_S_COMPLETE) {
code = *minor_status;
- goto fail;
+ goto cleanup;
}
/*
* Now try to make it static if at all possible....
@@ -653,7 +653,7 @@
major_status = GSS_S_NO_CRED;
if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
major_status = GSS_S_CREDENTIALS_EXPIRED;
- goto fail;
+ goto cleanup;
}
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp);
@@ -661,11 +661,11 @@
code = krb5_auth_con_getsendsubkey(context, ctx->auth_context,
&keyblock);
if (code != 0)
- goto fail;
+ goto cleanup;
code = krb5_k_create_key(context, keyblock, &ctx->subkey);
krb5_free_keyblock(context, keyblock);
if (code != 0)
- goto fail;
+ goto cleanup;
}
ctx->enc = NULL;
@@ -673,24 +673,12 @@
ctx->have_acceptor_subkey = 0;
code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
if (code != 0)
- goto fail;
+ goto cleanup;
- /* at this point, the context is constructed and valid,
- hence, releaseable */
-
- /* intern the context handle */
-
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- code = G_VALIDATE_FAILED;
- goto fail;
- }
- *context_handle = (gss_ctx_id_t) ctx;
- ctx_free = 0;
-
/* compute time_rec */
if (time_rec) {
if ((code = krb5_timeofday(context, &now)))
- goto fail;
+ goto cleanup;
*time_rec = ctx->krb_times.endtime - now;
}
@@ -703,12 +691,19 @@
if (actual_mech_type)
*actual_mech_type = mech_type;
+ /* At this point, the context is constructed and valid; intern it. */
+ if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
+ code = G_VALIDATE_FAILED;
+ goto cleanup;
+ }
+
/* return successfully */
- *minor_status = 0;
+ *context_handle = (gss_ctx_id_t) ctx;
+ ctx_free = NULL;
if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
ctx->established = 0;
- return(GSS_S_CONTINUE_NEEDED);
+ major_status = GSS_S_CONTINUE_NEEDED;
} else {
ctx->seq_recv = ctx->seq_send;
g_order_init(&(ctx->seqstate), ctx->seq_recv,
@@ -716,10 +711,10 @@
(ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
ctx->established = 1;
- return(GSS_S_COMPLETE);
+ major_status = GSS_S_COMPLETE;
}
-fail:
+cleanup:
krb5_free_creds(context, k_cred);
if (ctx_free) {
if (ctx_free->auth_context)
@@ -731,8 +726,7 @@
if (ctx_free->subkey)
krb5_k_free_key(context, ctx_free->subkey);
xfree(ctx_free);
- } else
- (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+ }
*minor_status = code;
return (major_status);
More information about the cvs-krb5
mailing list