krb5 commit: Fix a variety of one-time leaks
Greg Hudson
ghudson at mit.edu
Wed Aug 10 20:49:25 EDT 2016
https://github.com/krb5/krb5/commit/73c9944ae86cf3a89e11d3d3f15dd9b8da7b9cd1
commit 73c9944ae86cf3a89e11d3d3f15dd9b8da7b9cd1
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Jun 29 17:13:33 2016 -0400
Fix a variety of one-time leaks
Eliminate some memory leaks which should not affect normal operation,
but which make it harder to detect more serious memory leaks.
In kdb5_util, start using the already existing quit() function and
remove redundant DB and master key cleanup performed by individual
commands. In kdb5_destroy(), use util_context instead of creating a
new one. Add an mkey_fullname global variable and use it to make
a bunch of krb5_db_setup_mkey_name() calls unnecessary.
src/appl/gss-sample/gss-client.c | 1 +
src/clients/kdestroy/kdestroy.c | 2 +
src/clients/kinit/extern.h | 1 +
src/clients/kinit/kinit.c | 3 +
src/clients/kinit/kinit_kdb.c | 6 +
src/clients/klist/klist.c | 3 +
src/clients/kswitch/kswitch.c | 4 +
src/kadmin/cli/kadmin.c | 1 +
src/kadmin/cli/keytab.c | 21 ++--
src/kadmin/dbutil/dump.c | 3 +
src/kadmin/dbutil/kdb5_create.c | 6 +-
src/kadmin/dbutil/kdb5_destroy.c | 16 +---
src/kadmin/dbutil/kdb5_mkey.c | 106 +++++---------------
src/kadmin/dbutil/kdb5_util.c | 12 ++-
src/kadmin/dbutil/tabdump.c | 4 +-
src/lib/kadm5/srv/server_init.c | 1 +
src/lib/kadm5/srv/server_kdb.c | 3 +
src/lib/kdb/kdb5.c | 5 +-
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 8 ++-
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c | 6 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 3 +
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 20 +++-
src/slave/kprop.c | 8 +--
src/slave/kpropd.c | 2 +
src/slave/kproplog.c | 2 +
25 files changed, 115 insertions(+), 132 deletions(-)
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index c96da88..93fca1f 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -328,6 +328,7 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
display_status("initializing context", maj_stat,
init_sec_min_stat);
(void) gss_release_name(&min_stat, &target_name);
+ (void) gss_release_cred(&min_stat, &cred);
if (*gss_context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&min_stat, gss_context,
GSS_C_NO_BUFFER);
diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c
index 214643b..f955549 100644
--- a/src/clients/kdestroy/kdestroy.c
+++ b/src/clients/kdestroy/kdestroy.c
@@ -166,6 +166,7 @@ main(argc, argv)
krb5_free_string(kcontext, cache_name);
}
krb5_cccol_cursor_free(kcontext, &cursor);
+ krb5_free_context(kcontext);
return 0;
}
@@ -200,5 +201,6 @@ main(argc, argv)
if (!quiet && !errflg)
print_remaining_cc_warning(kcontext);
+ krb5_free_context(kcontext);
return errflg;
}
diff --git a/src/clients/kinit/extern.h b/src/clients/kinit/extern.h
index 28682a1..2c28623 100644
--- a/src/clients/kinit/extern.h
+++ b/src/clients/kinit/extern.h
@@ -28,5 +28,6 @@
#define KINIT_EXTERN_H
krb5_error_code kinit_kdb_init(krb5_context *pcontext, char *realm);
+void kinit_kdb_fini(void);
#endif /* KINIT_EXTERN_H */
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index ce5aa4b..f1cd1b7 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -896,6 +896,9 @@ k5_kinit(opts, k5)
}
cleanup:
+#ifndef _WIN32
+ kinit_kdb_fini();
+#endif
if (options)
krb5_get_init_creds_opt_free(k5->ctx, options);
if (my_creds.client == k5->me) {
diff --git a/src/clients/kinit/kinit_kdb.c b/src/clients/kinit/kinit_kdb.c
index 8e949f9..0b8af10 100644
--- a/src/clients/kinit/kinit_kdb.c
+++ b/src/clients/kinit/kinit_kdb.c
@@ -69,3 +69,9 @@ kinit_kdb_init(krb5_context *pcontext, char *realm)
retval = krb5_kt_register(*pcontext, &krb5_kt_kdb_ops);
return retval;
}
+
+void
+kinit_kdb_fini()
+{
+ kadm5_destroy(server_handle);
+}
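Review bot: `kinit_kdb_fini()` leaves `server_handle` (presumably file-scope in kinit_kdb.c) pointing at the destroyed handle, so a second call would pass a stale pointer to `kadm5_destroy()`. Resetting it makes the function idempotent: `kadm5_destroy(server_handle); server_handle = NULL;`. The kinit.c hunk calls this unconditionally from `k5_kinit`'s cleanup, including runs where `kinit_kdb_init()` was never invoked, so it relies on `kadm5_destroy()` rejecting a null handle; that check is not visible here and deserves a one-line comment. The definition should also be spelled `kinit_kdb_fini(void)` to match the prototype added in extern.h.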
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index f8183dd..ba19788 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -341,6 +341,7 @@ void do_keytab(name)
}
printf("\n");
krb5_free_unparsed_name(kcontext, pname);
+ krb5_free_keytab_entry_contents(kcontext, &entry);
}
if (code && code != KRB5_KT_END) {
com_err(progname, code, _("while scanning keytab"));
@@ -505,6 +506,8 @@ show_ccache(krb5_ccache cache)
krb5_free_cred_contents(kcontext, &creds);
}
krb5_free_principal(kcontext, princ);
+ krb5_free_unparsed_name(kcontext, defname);
+ defname = NULL;
if (code == KRB5_CC_END) {
if ((code = krb5_cc_end_seq_get(kcontext, cache, &cur))) {
com_err(progname, code, _("while finishing ticket retrieval"));
diff --git a/src/clients/kswitch/kswitch.c b/src/clients/kswitch/kswitch.c
index 6ad470b..f26ecea 100644
--- a/src/clients/kswitch/kswitch.c
+++ b/src/clients/kswitch/kswitch.c
@@ -117,6 +117,7 @@ main(int argc, char **argv)
princ_name);
exit(1);
}
+ krb5_free_principal(context, princ);
}
ret = krb5_cc_switch(context, cache);
@@ -124,5 +125,8 @@ main(int argc, char **argv)
com_err(progname, ret, _("while switching to credential cache"));
exit(1);
}
+
+ krb5_cc_close(context, cache);
+ krb5_free_context(context);
return 0;
}
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 45741c7..c53c677 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -585,6 +585,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out)
if (freeprinc)
free(princstr);
+ free(params.keysalts);
free(db_name);
free(db_args);
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index b6edb75..b0c8378 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -361,7 +361,7 @@ static void
remove_principal(char *keytab_str, krb5_keytab keytab,
char *princ_str, char *kvno_str)
{
- krb5_principal princ;
+ krb5_principal princ = NULL;
krb5_keytab_entry entry;
krb5_kt_cursor cursor;
enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
@@ -371,7 +371,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
code = krb5_parse_name(context, princ_str, &princ);
if (code != 0) {
com_err(whoami, code, _("while parsing principal name %s"), princ_str);
- return;
+ goto cleanup;
}
mode = UNDEF;
@@ -409,7 +409,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
com_err(whoami, code,
_("while retrieving highest kvno from keytab"));
}
- return;
+ goto cleanup;
}
/* set kvno to spec'ed value for SPEC, highest kvno otherwise */
@@ -420,7 +420,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
code = krb5_kt_start_seq_get(context, keytab, &cursor);
if (code != 0) {
com_err(whoami, code, _("while starting keytab scan"));
- return;
+ goto cleanup;
}
did_something = 0;
@@ -441,17 +441,17 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
if (code != 0) {
com_err(whoami, code,
_("while temporarily ending keytab scan"));
- return;
+ goto cleanup;
}
code = krb5_kt_remove_entry(context, keytab, &entry);
if (code != 0) {
com_err(whoami, code, _("while deleting entry from keytab"));
- return;
+ goto cleanup;
}
code = krb5_kt_start_seq_get(context, keytab, &cursor);
if (code != 0) {
com_err(whoami, code, _("while restarting keytab scan"));
- return;
+ goto cleanup;
}
did_something++;
@@ -464,12 +464,12 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
}
if (code && code != KRB5_KT_END) {
com_err(whoami, code, _("while scanning keytab"));
- return;
+ goto cleanup;
}
code = krb5_kt_end_seq_get(context, keytab, &cursor);
if (code) {
com_err(whoami, code, _("while ending keytab scan"));
- return;
+ goto cleanup;
}
/*
@@ -481,6 +481,9 @@ remove_principal(char *keytab_str, krb5_keytab keytab,
fprintf(stderr, _("%s: There is only one entry for principal %s in "
"keytab %s\n"), whoami, princ_str, keytab_str);
}
+
+cleanup:
+ krb5_free_principal(context, princ);
}
/*
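Review bot: The new `cleanup:` label releases only `princ`, so the `goto cleanup` exits inside the keytab scan (the @@ -441 and @@ -464 hunks) still appear to skip releasing the current `entry`. The "while scanning keytab" exit also leaves `cursor` open. The loop body is only partly visible, so this is inferred: if `entry` is freed at the bottom of each iteration, these jumps bypass that free. Adding `krb5_free_keytab_entry_contents(context, &entry);` before each in-loop `goto cleanup`, and `(void)krb5_kt_end_seq_get(context, keytab, &cursor);` before the scan-failure one, would finish the job this conversion started.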
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index 90fa87f..4127638 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -204,8 +204,10 @@ prep_ok_file(krb5_context context, char *file_name, int *fd)
retval = krb5_lock_file(context, *fd, KRB5_LOCKMODE_EXCLUSIVE);
if (retval) {
com_err(progname, retval, _("while locking 'ok' file, '%s'"), file_ok);
+ free(file_ok);
return 0;
}
+ free(file_ok);
return 1;
}
@@ -535,6 +537,7 @@ dump_ov_princ(krb5_context context, krb5_db_entry *entry, const char *name,
fputc('\n', fp);
free(princstr);
+ xdr_free(xdr_osa_princ_ent_rec, &adb);
return 0;
}
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 9bfe201..8173b09 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -114,6 +114,7 @@ static krb5_error_code add_principal
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
+extern char *mkey_fullname;
krb5_data master_salt;
krb5_data tgt_princ_entries[] = {
@@ -155,7 +156,6 @@ void kdb5_create(argc, argv)
int optchar;
krb5_error_code retval;
- char *mkey_fullname;
char *pw_str = 0;
unsigned int pw_size = 0;
int do_stash = 0;
@@ -316,7 +316,6 @@ void kdb5_create(argc, argv)
if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
(retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
- (void) krb5_db_fini(util_context);
com_err(progname, retval, _("while adding entries to the database"));
exit_status++; return;
}
@@ -349,9 +348,6 @@ void kdb5_create(argc, argv)
printf(_("Warning: couldn't stash master key.\n"));
}
/* clean up */
- (void) krb5_db_fini(util_context);
- memset(master_keyblock.contents, 0, master_keyblock.length);
- free(master_keyblock.contents);
if (pw_str) {
memset(pw_str, 0, pw_size);
free(pw_str);
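Review bot: The password wipe left in this cleanup still uses plain `memset(pw_str, 0, pw_size)` immediately before `free(pw_str)`, which a compiler is allowed to drop as a dead store. The master-key wipe that this hunk removes is now done in `quit()` with `zapfree()`, so the same helper fits here: `zapfree(pw_str, pw_size);` in place of the `if (pw_str) { memset...; free...; }` body, assuming `zapfree` is in scope in this file as it is in kdb5_util.c. kdb5_create's body continues outside the hunk.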
diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c
index e589552..fffce74 100644
--- a/src/kadmin/dbutil/kdb5_destroy.c
+++ b/src/kadmin/dbutil/kdb5_destroy.c
@@ -48,22 +48,8 @@ kdb5_destroy(argc, argv)
char *dbname;
char buf[5];
krb5_error_code retval1;
- krb5_context context;
int force = 0;
- retval1 = kadm5_init_krb5_context(&context);
- if( retval1 )
- {
- com_err(progname, retval1, _("while initializing krb5_context"));
- exit(1);
- }
-
- if ((retval1 = krb5_set_default_realm(context,
- util_context->default_realm))) {
- com_err(progname, retval1, _("while setting default realm name"));
- exit(1);
- }
-
dbname = global_params.dbname;
optind = 1;
@@ -92,7 +78,7 @@ kdb5_destroy(argc, argv)
printf(_("OK, deleting database '%s'...\n"), dbname);
}
- retval1 = krb5_db_destroy(context, db5util_db_args);
+ retval1 = krb5_db_destroy(util_context, db5util_db_args);
if (retval1) {
com_err(progname, retval1, _("deleting database '%s'"), dbname);
exit_status++; return;
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 0449732..7df8cbc 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -32,6 +32,7 @@ extern krb5_keyblock master_keyblock; /* current mkey */
extern krb5_kvno master_kvno;
extern krb5_principal master_princ;
extern krb5_data master_salt;
+extern char *mkey_fullname;
extern char *mkey_password;
extern char *progname;
extern int exit_status;
@@ -91,6 +92,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
* krb5_key_data key_data_contents is a pointer to this key. Using some
* logic from master_key_convert().
*/
+ for (i = 0; i < master_entry->n_key_data; i++)
+ krb5_free_key_data_contents(context, &master_entry->key_data[i]);
+ free(master_entry->key_data);
master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) *
(old_key_data_count + 1));
if (master_entry->key_data == NULL)
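Review bot: After `free(master_entry->key_data)` the entry still carries the old `n_key_data`, and if the `malloc` that follows fails the function appears (the return is outside the hunk) to leave `key_data == NULL` with a non-zero count. The callers changed in this commit now pass `master_entry` to `krb5_db_free_principal()` on their cleanup paths, so that inconsistent entry gets walked by the free routine. Setting `master_entry->key_data = NULL; master_entry->n_key_data = 0;` right after the `free`, or allocating the new array before releasing the old one, keeps the entry valid on the ENOMEM path. The release loop here is spelled `krb5_free_key_data_contents` while the purge hunk later in this file uses `krb5_dbe_free_key_data_contents`; worth confirming the former is the intended function.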
@@ -190,7 +194,6 @@ kdb5_add_mkey(int argc, char *argv[])
{
int optchar;
krb5_error_code retval;
- char *mkey_fullname;
char *pw_str = 0;
unsigned int pw_size = 0;
int do_stash = 0;
@@ -199,7 +202,7 @@ kdb5_add_mkey(int argc, char *argv[])
krb5_keyblock new_mkeyblock;
krb5_enctype new_master_enctype = ENCTYPE_UNKNOWN;
char *new_mkey_password;
- krb5_db_entry *master_entry;
+ krb5_db_entry *master_entry = NULL;
krb5_timestamp now;
/*
@@ -208,7 +211,6 @@ kdb5_add_mkey(int argc, char *argv[])
*/
memset(&new_mkeyblock, 0, sizeof(new_mkeyblock));
- memset(&master_princ, 0, sizeof(master_princ));
master_salt.data = NULL;
while ((optchar = getopt(argc, argv, "e:s")) != -1) {
@@ -234,16 +236,6 @@ kdb5_add_mkey(int argc, char *argv[])
if (new_master_enctype == ENCTYPE_UNKNOWN)
new_master_enctype = global_params.enctype;
- /* assemble & parse the master key name */
- if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- &mkey_fullname, &master_princ))) {
- com_err(progname, retval, _("while setting up master key name"));
- exit_status++;
- return;
- }
-
retval = krb5_db_get_principal(util_context, master_princ, 0,
&master_entry);
if (retval != 0) {
@@ -321,7 +313,6 @@ kdb5_add_mkey(int argc, char *argv[])
}
if ((retval = krb5_db_put_principal(util_context, master_entry))) {
- (void) krb5_db_fini(util_context);
com_err(progname, retval, _("while adding master key entry to the "
"database"));
exit_status++;
@@ -343,9 +334,7 @@ kdb5_add_mkey(int argc, char *argv[])
cleanup_return:
/* clean up */
- (void) krb5_db_fini(util_context);
- zap((char *)master_keyblock.contents, master_keyblock.length);
- free(master_keyblock.contents);
+ krb5_db_free_principal(util_context, master_entry);
zap((char *)new_mkeyblock.contents, new_mkeyblock.length);
free(new_mkeyblock.contents);
if (pw_str) {
@@ -353,7 +342,6 @@ cleanup_return:
free(pw_str);
}
free(master_salt.data);
- krb5_free_unparsed_name(util_context, mkey_fullname);
return;
}
@@ -361,18 +349,15 @@ void
kdb5_use_mkey(int argc, char *argv[])
{
krb5_error_code retval;
- char *mkey_fullname = NULL;
krb5_kvno use_kvno;
krb5_timestamp now, start_time;
krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL,
*prev_actkvno, *cur_actkvno;
- krb5_db_entry *master_entry;
+ krb5_db_entry *master_entry = NULL;
krb5_keylist_node *keylist_node;
krb5_boolean inserted = FALSE;
krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
- memset(&master_princ, 0, sizeof(master_princ));
-
if (argc < 2 || argc > 3) {
/* usage calls exit */
usage();
@@ -427,16 +412,6 @@ kdb5_use_mkey(int argc, char *argv[])
* 5. put mkey princ.
*/
- /* assemble & parse the master key name */
- if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- &mkey_fullname, &master_princ))) {
- com_err(progname, retval, _("while setting up master key name"));
- exit_status++;
- goto cleanup_return;
- }
-
retval = krb5_db_get_principal(util_context, master_princ, 0,
&master_entry);
if (retval != 0) {
@@ -548,7 +523,6 @@ kdb5_use_mkey(int argc, char *argv[])
}
if ((retval = krb5_db_put_principal(util_context, master_entry))) {
- (void) krb5_db_fini(util_context);
com_err(progname, retval,
_("while adding master key entry to the database"));
exit_status++;
@@ -557,9 +531,7 @@ kdb5_use_mkey(int argc, char *argv[])
cleanup_return:
/* clean up */
- (void) krb5_db_fini(util_context);
- krb5_free_unparsed_name(util_context, mkey_fullname);
- krb5_free_principal(util_context, master_princ);
+ krb5_db_free_principal(util_context, master_entry);
krb5_dbe_free_actkvno_list(util_context, actkvno_list);
return;
}
@@ -568,11 +540,11 @@ void
kdb5_list_mkeys(int argc, char *argv[])
{
krb5_error_code retval;
- char *mkey_fullname = NULL, *output_str = NULL, enctype[BUFSIZ];
+ char *output_str = NULL, enctype[BUFSIZ];
krb5_kvno act_kvno;
krb5_timestamp act_time;
krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno;
- krb5_db_entry *master_entry;
+ krb5_db_entry *master_entry = NULL;
krb5_keylist_node *cur_kb_node;
krb5_keyblock *act_mkey;
krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
@@ -583,16 +555,6 @@ kdb5_list_mkeys(int argc, char *argv[])
return;
}
- /* assemble & parse the master key name */
- if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- &mkey_fullname, &master_princ))) {
- com_err(progname, retval, _("while setting up master key name"));
- exit_status++;
- return;
- }
-
retval = krb5_db_get_principal(util_context, master_princ, 0,
&master_entry);
if (retval != 0) {
@@ -667,10 +629,8 @@ kdb5_list_mkeys(int argc, char *argv[])
cleanup_return:
/* clean up */
- (void) krb5_db_fini(util_context);
- krb5_free_unparsed_name(util_context, mkey_fullname);
+ krb5_db_free_principal(util_context, master_entry);
free(output_str);
- krb5_free_principal(util_context, master_princ);
krb5_dbe_free_actkvno_list(util_context, actkvno_list);
return;
}
@@ -904,8 +864,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
int optchar;
krb5_error_code retval;
krb5_actkvno_node *actkvno_list = 0;
- krb5_db_entry *master_entry;
- char *mkey_fullname = 0;
+ krb5_db_entry *master_entry = NULL;
#ifdef BSD_REGEXPS
char *msg;
#endif
@@ -937,15 +896,8 @@ kdb5_update_princ_encryption(int argc, char *argv[])
usage();
}
- retval = krb5_unparse_name(util_context, master_princ, &mkey_fullname);
- if (retval) {
- com_err(progname, retval, _("while formatting master principal name"));
- exit_status++;
- goto cleanup;
- }
-
if (master_keylist == NULL) {
- com_err(progname, retval, _("master keylist not initialized"));
+ com_err(progname, 0, _("master keylist not initialized"));
exit_status++;
goto cleanup;
}
@@ -1037,7 +989,6 @@ kdb5_update_princ_encryption(int argc, char *argv[])
com_err(progname, retval, _("trying to process principal database"));
exit_status++;
}
- (void) krb5_db_fini(util_context);
if (data.dry_run) {
printf(_("%u principals processed: %u would be updated, %u already "
"current\n"),
@@ -1048,9 +999,12 @@ kdb5_update_princ_encryption(int argc, char *argv[])
}
cleanup:
+ krb5_db_free_principal(util_context, master_entry);
free(regexp);
+#ifdef POSIX_REGEXPS
+ regfree(&data.preg);
+#endif
memset(&new_master_keyblock, 0, sizeof(new_master_keyblock));
- krb5_free_unparsed_name(util_context, mkey_fullname);
krb5_dbe_free_actkvno_list(util_context, actkvno_list);
}
@@ -1095,9 +1049,8 @@ kdb5_purge_mkeys(int argc, char *argv[])
{
int optchar;
krb5_error_code retval;
- char *mkey_fullname = NULL;
krb5_timestamp now;
- krb5_db_entry *master_entry;
+ krb5_db_entry *master_entry = NULL;
krb5_boolean force = FALSE, dry_run = FALSE, verbose = FALSE;
struct purge_args args;
char buf[5];
@@ -1118,7 +1071,6 @@ kdb5_purge_mkeys(int argc, char *argv[])
return;
}
- memset(&master_princ, 0, sizeof(master_princ));
memset(&args, 0, sizeof(args));
optind = 1;
@@ -1141,16 +1093,6 @@ kdb5_purge_mkeys(int argc, char *argv[])
}
}
- /* assemble & parse the master key name */
- if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- &mkey_fullname, &master_princ))) {
- com_err(progname, retval, _("while setting up master key name"));
- exit_status++;
- return;
- }
-
retval = krb5_db_get_principal(util_context, master_princ, 0,
&master_entry);
if (retval != 0) {
@@ -1282,6 +1224,7 @@ kdb5_purge_mkeys(int argc, char *argv[])
if (args.kvnos[j].kvno == (krb5_kvno) old_key_data[i].key_data_kvno) {
if (args.kvnos[j].use_count != 0) {
master_entry->key_data[k++] = old_key_data[i];
+ memset(&old_key_data[i], 0, sizeof(old_key_data[i]));
break;
} else {
/* remove unused mkey */
@@ -1336,6 +1279,11 @@ kdb5_purge_mkeys(int argc, char *argv[])
}
assert(k == num_kvnos_inuse);
+ /* Free any key data entries we did not consume in the loop above. */
+ for (i = 0; i < old_key_data_count; i++)
+ krb5_dbe_free_key_data_contents(util_context, &old_key_data[i]);
+ free(old_key_data);
+
if ((retval = krb5_dbe_update_actkvno(util_context, master_entry,
actkvno_list))) {
com_err(progname, retval,
@@ -1369,7 +1317,6 @@ kdb5_purge_mkeys(int argc, char *argv[])
master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
if ((retval = krb5_db_put_principal(util_context, master_entry))) {
- (void) krb5_db_fini(util_context);
com_err(progname, retval,
_("while adding master key entry to the database"));
exit_status++;
@@ -1378,11 +1325,8 @@ kdb5_purge_mkeys(int argc, char *argv[])
printf(_("%d key(s) purged.\n"), num_kvnos_purged);
cleanup_return:
- /* clean up */
- (void) krb5_db_fini(util_context);
- krb5_free_principal(util_context, master_princ);
+ krb5_db_free_principal(util_context, master_entry);
free(args.kvnos);
- krb5_free_unparsed_name(util_context, mkey_fullname);
krb5_dbe_free_actkvno_list(util_context, actkvno_list);
krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_list);
return;
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index 97a349a..000b559 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -108,6 +108,7 @@ void usage()
krb5_keyblock master_keyblock;
krb5_kvno master_kvno; /* fetched */
extern krb5_principal master_princ;
+char *mkey_fullname;
krb5_db_entry *master_entry = NULL;
int valid_master_key = 0;
@@ -309,7 +310,7 @@ int main(argc, argv)
com_err(progname, retval, _("while getting default realm"));
exit(1);
}
- util_context->default_realm = temp;
+ krb5_free_default_realm(util_context, temp);
}
retval = kadm5_get_config_params(util_context, 1,
@@ -350,8 +351,10 @@ int main(argc, argv)
if( db5util_db_args )
free(db5util_db_args);
+ quit();
kadm5_free_config_params(util_context, &global_params);
krb5_free_context(util_context);
+ free(cmd_argv);
return exit_status;
}
@@ -384,6 +387,7 @@ void set_dbname(argc, argv)
valid_master_key = 0;
}
krb5_free_principal(util_context, master_princ);
+ free(mkey_fullname);
dbactive = FALSE;
}
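Review bot: `set_dbname` frees `master_princ` and `mkey_fullname` but leaves both globals pointing at the released memory, and this commit makes `quit()` call `krb5_free_principal(util_context, master_princ)` as well (the @@ -530 hunk). If `set_dbname` runs and the globals are not reassigned by a later successful `krb5_db_setup_mkey_name()` call, `quit()` would free `master_princ` a second time; whether that path is reachable depends on code outside the hunk. Adding `master_princ = NULL; mkey_fullname = NULL;` after the two frees closes it. Separately, the visible part of `quit()` does not release `mkey_fullname`, so the string allocated in `open_db_and_mkey()` remains a one-time leak unless it is freed beyond the hunk.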
@@ -421,7 +425,7 @@ static int open_db_and_mkey()
if ((retval = krb5_db_setup_mkey_name(util_context,
global_params.mkey_name,
global_params.realm,
- 0, &master_princ))) {
+ &mkey_fullname, &master_princ))) {
com_err(progname, retval, _("while setting up master key name"));
exit_status++;
return(1);
@@ -530,8 +534,10 @@ quit()
if (finished)
return 0;
+ ulog_fini(util_context);
retval = krb5_db_fini(util_context);
- memset(master_keyblock.contents, 0, master_keyblock.length);
+ zapfree(master_keyblock.contents, master_keyblock.length);
+ krb5_free_principal(util_context, master_princ);
finished = TRUE;
if (retval && retval != KRB5_KDB_DBNOTINITED) {
com_err(progname, retval, _("while closing database"));
diff --git a/src/kadmin/dbutil/tabdump.c b/src/kadmin/dbutil/tabdump.c
index 4f9eb9d..69a3482 100644
--- a/src/kadmin/dbutil/tabdump.c
+++ b/src/kadmin/dbutil/tabdump.c
@@ -370,8 +370,10 @@ princ_flags(struct rec_args *args, const char *name, krb5_db_entry *dbe)
return ret;
/* Don't print unknown flags if they're not set and numeric output
* isn't requested. */
- if (!(flags & (1UL << i)) && strncmp(s, "0x", 2) == 0)
+ if (!(flags & (1UL << i)) && strncmp(s, "0x", 2) == 0) {
+ free(s);
continue;
+ }
}
ret = princflag_rec(h, name, s, ((flags & (1UL << i)) != 0));
free(s);
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index ec771ee..b3ae4ff 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -354,6 +354,7 @@ kadm5_ret_t kadm5_destroy(void *server_handle)
destroy_pwqual(handle);
k5_kadm5_hook_free_handles(handle->context, handle->hook_handles);
+ ulog_fini(handle->context);
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
kadm5_free_config_params(handle->context, &handle->params);
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index b9664f4..612553b 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -41,11 +41,14 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
realm = r;
}
+ krb5_free_principal(handle->context, master_princ);
+ master_princ = NULL;
if ((ret = krb5_db_setup_mkey_name(handle->context,
handle->params.mkey_name,
realm, NULL, &master_princ)))
goto done;
+ krb5_free_keyblock_contents(handle->context, &master_keyblock);
master_keyblock.enctype = handle->params.enctype;
/*
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 713b39d..a3139a7 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1728,6 +1728,7 @@ krb5_error_code
krb5_dbe_update_mkey_aux(krb5_context context, krb5_db_entry *entry,
krb5_mkey_aux_node *mkey_aux_data_list)
{
+ krb5_error_code status;
krb5_tl_data tl_data;
krb5_int16 version, tmp_kvno;
unsigned char *nextloc;
@@ -1792,7 +1793,9 @@ krb5_dbe_update_mkey_aux(krb5_context context, krb5_db_entry *entry,
}
}
- return (krb5_dbe_update_tl_data(context, entry, &tl_data));
+ status = krb5_dbe_update_tl_data(context, entry, &tl_data);
+ free(tl_data.tl_data_contents);
+ return status;
}
#endif /* KRB5_TL_MKEY_AUX_VER == 1 */
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index e95791f..5a745e2 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -466,6 +466,7 @@ kdb5_ldap_create(int argc, char *argv[])
global_params.realm);
goto err_nomsg;
}
+ free(rparams->containerref);
rparams->containerref = strdup(argv[i]);
if (rparams->containerref == NULL) {
retval = ENOMEM;
@@ -592,6 +593,7 @@ kdb5_ldap_create(int argc, char *argv[])
global_params.realm);
goto err_nomsg;
}
+ free(ldap_context->lrparams->realm_name);
ldap_context->lrparams->realm_name = strdup(global_params.realm);
if (ldap_context->lrparams->realm_name == NULL) {
retval = ENOMEM;
@@ -699,7 +701,8 @@ cleanup:
exit_status++;
}
- return;
+ krb5_free_keyblock_contents(util_context, &master_keyblock);
+ krb5_free_principal(util_context, master_princ);
}
@@ -749,7 +752,9 @@ kdb5_ldap_modify(int argc, char *argv[])
if (rparams->subtree) {
for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
free(rparams->subtree[k]);
+ free(rparams->subtree);
rparams->subtreecount=0;
+ rparams->subtree = NULL;
}
}
if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
@@ -787,6 +792,7 @@ kdb5_ldap_modify(int argc, char *argv[])
global_params.realm);
goto err_nomsg;
}
+ free(rparams->containerref);
rparams->containerref = strdup(argv[i]);
if (rparams->containerref == NULL) {
retval = ENOMEM;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
index 8d6f375..818ff62 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
@@ -392,8 +392,8 @@ main(int argc, char *argv[])
exit_status++;
goto cleanup;
}
- } else
- util_context->default_realm = temp;
+ }
+ krb5_free_default_realm(util_context, temp);
}
/* If we have the realm name, we can safely say that
* realm_name is required so that we don't neglect any information.
@@ -585,7 +585,7 @@ cleanup:
if (util_context) {
if (gp_is_static == 0)
kadm5_free_config_params(util_context, &global_params);
- krb5_ldap_close(util_context);
+ krb5_db_fini(util_context);
krb5_free_context(util_context);
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index 0606278..28dffe0 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -881,6 +881,9 @@ krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
free(rparams->subtree);
}
+ if (rparams->containerref)
+ free(rparams->containerref);
+
if (rparams->kdcservers) {
for (i=0; rparams->kdcservers[i]; ++i)
free(rparams->kdcservers[i]);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 85e56fe..f5c6ab8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -35,6 +35,16 @@
/* Ticket policy object management */
+static void
+free_list(char **list)
+{
+ int i;
+
+ for (i = 0; list != NULL && list[i] != NULL; i++)
+ free(list[i]);
+ free(list);
+}
+
/*
* create the Ticket policy object in Directory.
*/
@@ -263,6 +273,7 @@ cleanup:
krb5_ldap_free_policy(context, lpolicy);
*policy = NULL;
}
+ free(policy_dn);
ldap_msgfree(result);
krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
return st;
@@ -377,6 +388,7 @@ krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
}
cleanup:
+ free_list(list);
return st;
}
@@ -477,12 +489,8 @@ cleanup:
/* some error, free up all the memory */
if (st != 0) {
- if (*list) {
- for (i=0; (*list)[i]; ++i)
- free ((*list)[i]);
- free (*list);
- *list = NULL;
- }
+ free_list(*list);
+ *list = NULL;
}
ldap_msgfree(result);
krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index 955db50..e80ecab 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -242,13 +242,6 @@ get_tickets(krb5_context context)
exit(1);
}
- /* Fill in the client. */
- retval = krb5_copy_principal(context, my_principal, &creds.client);
- if (retval) {
- com_err(progname, retval, _("while copying client principal"));
- exit(1);
- }
-
if (srvtab != NULL) {
retval = krb5_kt_resolve(context, srvtab, &keytab);
if (retval) {
@@ -598,6 +591,7 @@ xmit_database(krb5_context context, krb5_auth_context auth_context,
send_size, database_size);
exit(1);
}
+ free(inbuf.data);
free(outbuf.data);
}
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index 1b60126..ef64222 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -1000,6 +1000,8 @@ done:
free(master_svc_princstr);
krb5_free_default_realm(kpropd_context, def_realm);
kadm5_destroy(server_handle);
+ krb5_db_fini(kpropd_context);
+ ulog_fini(kpropd_context);
krb5_free_context(kpropd_context);
return (runonce == 1) ? 0 : 1;
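Review bot: The teardown order added here is `krb5_db_fini()` then `ulog_fini()`, while the other two sites touched by this commit (`quit()` in kdb5_util.c and `kadm5_destroy()` in server_init.c) call `ulog_fini()` first. If the order does not matter, a short comment saying so would help; otherwise use the same order, `ulog_fini(kpropd_context);` before `krb5_db_fini(kpropd_context);`. Because the server-side `kadm5_destroy()` now finalises the ulog and database itself, a comment such as `/* server_handle is a client handle; the KDB and ulog on kpropd_context are closed here */` would show there is no double teardown. That it is a client handle is an assumption to confirm.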
diff --git a/src/slave/kproplog.c b/src/slave/kproplog.c
index 857ef03..4f19eeb 100644
--- a/src/slave/kproplog.c
+++ b/src/slave/kproplog.c
@@ -561,5 +561,7 @@ main(int argc, char **argv)
printf("\n");
+ kadm5_free_config_params(context, ¶ms);
+ krb5_free_context(context);
return 0;
}
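Review bot: The second argument on the first added line is printed as `¶ms`, which is not valid C. This is almost certainly the archive's rendering of `&params`, with the `&para` prefix decoded as an HTML entity, so the line should be read as `kadm5_free_config_params(context, &params);`. Anyone applying this patch from the page rather than from the repository needs to restore that character sequence. main's earlier exit paths are outside the hunk, so whether they release `params` and `context` as well cannot be checked here.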