krb5 commit: Fix a small memory leak in util_errmap

Greg Hudson ghudson at MIT.EDU
Tue Jan 1 18:02:32 EST 2013 

https://github.com/krb5/krb5/commit/379d39c17b8930718e98185a5b32a0f7f3e3b4b6
commit 379d39c17b8930718e98185a5b32a0f7f3e3b4b6
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon Dec 31 17:21:46 2012 -0500

    Fix a small memory leak in util_errmap
    
    Calls to gssint_mecherrmap_map_errcode would result in calling
    mecherror_copy with a zero-length mech OID, which would result in an
    OID with 0 for length and malloc(0) for elements.  On platforms which
    return non-null from malloc(0), gssint_mecherrmap_destroy() wouldn't
    free the elements pointer.
    
    Avoid calling malloc(0) and don't use the length field to decide
    whether to free an elements pointer.

 src/lib/gssapi/generic/util_errmap.c |   21 +++++++++------------
 1 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
index 9fbc9fc..c26ea7b 100644
--- a/src/lib/gssapi/generic/util_errmap.c
+++ b/src/lib/gssapi/generic/util_errmap.c
@@ -79,14 +79,14 @@ static inline int
 mecherror_copy(struct mecherror *dest, struct mecherror src)
 {
     *dest = src;
-    dest->mech.elements = malloc(src.mech.length);
-    if (dest->mech.elements == NULL) {
-        if (src.mech.length)
+    if (src.mech.length > 0) {
+        dest->mech.elements = malloc(src.mech.length);
+        if (dest->mech.elements == NULL)
             return ENOMEM;
-        else
-            return 0;
+        memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
+    } else {
+        dest->mech.elements = NULL;
     }
-    memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
     return 0;
 }
 
@@ -155,8 +155,7 @@ int gssint_mecherrmap_init(void)
    element storage when destroying the collection.  */
 static int free_one(OM_uint32 i, struct mecherror value, void *p)
 {
-    if (value.mech.length && value.mech.elements)
-        free(value.mech.elements);
+    free(value.mech.elements);
     return 0;
 }
 
@@ -229,10 +228,8 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     }
     err = mecherrmap_add(&m, new_status, me_copy);
     k5_mutex_unlock(&mutex);
-    if (err) {
-        if (me_copy.mech.length)
-            free(me_copy.mech.elements);
-    }
+    if (err)
+        free(me_copy.mech.elements);
 #ifdef DEBUG
     fprintf(f, "%s: mapping ", __FUNCTION__);
     mecherror_print(me, f);

More information about the cvs-krb5 mailing list