Bug in krb5_keyblock_data function on Solaris 10/Opensolaris

Markus Moeller huaraz at moeller.plus.com
Mon Oct 15 18:44:30 EDT 2007

You are right and some calling functions like krb5_copy_keyblock do 
allocate, but not krb5_get_credentials(_core) if I now read the code right.

----- Original Message ----- 
From: "Ken Raeburn" <raeburn at MIT.EDU>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <kerberos at mit.edu>
Sent: Monday, October 15, 2007 11:23 PM
Subject: Re: Bug in krb5_keyblock_data function on Solaris 10/Opensolaris

> On Oct 15, 2007, at 17:44, Markus Moeller wrote:
>> If other people come across this issue(noticable when 
>> krb5_get_credentials
>> is used in cross-realm situations) it had been identified in  Opensolaris
>> snv_57 (http://bugs.opensolaris.org/view_bug.do?bug_id=6565115) but 
>> still
>> hasn't been fixed in source
>> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/ 
>> common/gssapi/mechs/krb5/krb5/krb/copy_key.c
> Your suggested fix is to have krb5_copy_keyblock_data allocate the  new 
> storage, but the comment documenting the function says it assumes  it's 
> already been allocated, and the body of krb5_copy_keyblock  further down 
> does allocate the new storage before calling  krb5_copy_keyblock.  So if 
> I'm following this right, you'd be adding  a memory leak to 
> krb5_copy_keyblock, wouldn't you?

More information about the Kerberos mailing list