krb5 commit [krb5-1.11]: Fix a memory leak in krb5_get_init_creds_keytab

Tom Yu tlyu at MIT.EDU
Tue Mar 5 16:55:39 EST 2013


https://github.com/krb5/krb5/commit/d2a66c6d4c66151acc0a4975e272f0bdc5844ec7
commit d2a66c6d4c66151acc0a4975e272f0bdc5844ec7
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Feb 28 18:55:31 2013 -0500

    Fix a memory leak in krb5_get_init_creds_keytab
    
    lookup_etypes_for_keytab was not freeing the keytab entries it
    iterated over.  Reported by nalin at redhat.com.
    
    (cherry picked from commit a39af2971e03d3dc6da2cfd8959feebd40a0ffc0)
    
    ticket: 7586
    version_fixed: 1.11.2
    status: resolved

 src/lib/krb5/krb/gic_keytab.c |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 0fd1034..1dcf50d 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -109,22 +109,29 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
         if (ret)
             goto cleanup;
 
-        if (!krb5_c_valid_enctype(entry.key.enctype))
+        if (!krb5_c_valid_enctype(entry.key.enctype)) {
+            krb5_free_keytab_entry_contents(context, &entry);
             continue;
-        if (!krb5_principal_compare(context, entry.principal, client))
+        }
+        if (!krb5_principal_compare(context, entry.principal, client)) {
+            krb5_free_keytab_entry_contents(context, &entry);
             continue;
+        }
         /* Make sure our list is for the highest kvno found for client. */
         if (entry.vno > max_kvno) {
             free(etypes);
             etypes = NULL;
             count = 0;
             max_kvno = entry.vno;
-        } else if (entry.vno != max_kvno)
+        } else if (entry.vno != max_kvno) {
+            krb5_free_keytab_entry_contents(context, &entry);
             continue;
+        }
 
         /* Leave room for the terminator and possibly a second entry. */
         p = realloc(etypes, (count + 3) * sizeof(*etypes));
         if (p == NULL) {
+            krb5_free_keytab_entry_contents(context, &entry);
             ret = ENOMEM;
             goto cleanup;
         }
@@ -136,6 +143,7 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
             entry.key.enctype == ENCTYPE_DES_CBC_MD4)
             etypes[count++] = ENCTYPE_DES_CBC_CRC;
         etypes[count] = 0;
+        krb5_free_keytab_entry_contents(context, &entry);
     }
 
     ret = 0;


More information about the cvs-krb5 mailing list