krb5 commit: Fix memory leak in LDAP rename

Greg Hudson ghudson at mit.edu
Mon May 30 14:35:38 EDT 2016


https://github.com/krb5/krb5/commit/80d1c7cee0e861166925de1fe157f11a9ef1c22f
commit 80d1c7cee0e861166925de1fe157f11a9ef1c22f
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu May 26 11:18:24 2016 -0400

    Fix memory leak in LDAP rename
    
    krb5_ldap_rename_principal() must free bersecretkey.
    
    ticket: 8065

 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c  |    1 +
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h  |    3 +++
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |    2 +-
 3 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 00c2c88..d722dbf 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -554,6 +554,7 @@ cleanup:
     free(dn);
     free(suser);
     free(tuser);
+    free_berdata(bersecretkey);
     krb5_db_free_principal(context, entry);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
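Review bot: The added `free_berdata(bersecretkey);` runs on every path that reaches `cleanup:`, so it is only safe if `bersecretkey` is initialised to NULL at its declaration and `free_berdata()` accepts a NULL array. Neither is visible here, because the function body starts outside the hunk. Going by the variable's name, the array holds encoded principal key material, and the comment on `free_berdata()` in ldap_principal2.c only promises to free the contents. If that reading is right, the key bytes stay readable in freed heap memory, and a follow-up could wipe each element's `bv_val` over `bv_len` bytes before freeing it, using the zeroing helper the tree already provides.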
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
index a3f3c3c..72a9f96 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -140,6 +140,9 @@ krb5_error_code
 krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
                          krb5_kvno *);
 
+void
+free_berdata(struct berval **array);
+
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out);
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 7deafb1..7ba53f9 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -429,7 +429,7 @@ asn1_decode_sequence_of_keys(krb5_data *in, ldap_seqof_key_data *out)
  * Free a NULL-terminated struct berval *array[] and all its contents.
  * Does not set array to NULL after freeing it.
  */
-static void
+void
 free_berdata(struct berval **array)
 {
     int i;
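Review bot: Dropping `static` here gives `free_berdata` external linkage under a short, unprefixed name, and the prototype added to ldap_principal.h sits next to `krb5_decode_krbsecretkey`, which carries a `krb5_` prefix. A prefixed name would reduce the chance of a symbol clash if the library's export list does not hide it. The retained comment says the function does not set the array to NULL, which matters more now that callers live in other files. Any caller that frees before the end of its function should clear its own pointer, e.g. `free_berdata(bersecretkey); bersecretkey = NULL;`. The function body continues past the end of the hunk.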

