[krbdev.mit.edu #1497] Memory leak/improper data storage in serializer of krb5_context

Ezra Peisach via RT rt-comment at krbdev.mit.edu
Fri May 16 14:06:55 EDT 2003



Now that the os_context is directly part of the krb5_context structure -
(as opposed to a pointer to the os_context), there appears to be a
memory leak in the serializer library...

lib/krb5/ser_ctx.c:

krb5_context_internalize allocates memory for the krb5_context
structure.

About line 175, krb5_internalize_opaque is called with a pointer to the
os_context structure in the krb5_context. This then gets to
krb5_oscontext_internalize - which allocates the memory for the
krb5_os_context. This pointer is then stored in the pointer passed in
from krb5_context_internalize....

Hmm - on second thought - this is simply wrong... It is overwriting the
structure with a pointer - so the code is even more broken....

Anyways - krb5_context_internalize should pass a pointer to a
krb5_os_context *, and then copy the data back into the krb5_context...

	Ezra
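The defect described in the report is a calling-convention mismatch: an internalize routine that allocates its own storage and hands back a pointer through a pointer-to-pointer argument is given the address of a struct that is embedded by value, so the heap pointer lands on top of the struct's first bytes and the allocation is never freed. The following is an added illustration, not code from MIT krb5 or from the report; the types (toy_context, toy_os_context), the big-endian 32-bit encoding, the sample buffer and all function names are constructed for the example. It shows the fix the report proposes: pass a genuine pointer variable, copy the result into the embedded member, and release the temporary, with bounds checks so a truncated buffer is rejected without leaking either allocation.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical stand-ins for krb5_os_context and krb5_context (not the MIT
 * krb5 definitions): as in the report, the os_context is embedded by value. */
typedef struct {
    int32_t time_offset;
    int32_t usec_offset;
} toy_os_context;

typedef struct {
    int32_t magic;
    toy_os_context os_context;   /* embedded, not a pointer */
} toy_context;

/* Read a big-endian 32-bit value, advancing the cursor; -1 on short input. */
static int get32(const unsigned char **bp, size_t *remain, int32_t *out)
{
    if (*remain < 4)
        return -1;
    uint32_t v = ((uint32_t)(*bp)[0] << 24) | ((uint32_t)(*bp)[1] << 16) |
                 ((uint32_t)(*bp)[2] << 8)  |  (uint32_t)(*bp)[3];
    *out = (int32_t)v;
    *bp += 4;
    *remain -= 4;
    return 0;
}

/* Callee-allocating internalizer, the calling convention the report
 * describes: it allocates the os_context and returns it through *argp. */
static int toy_oscontext_internalize(toy_os_context **argp,
                                     const unsigned char **bp, size_t *remain)
{
    toy_os_context *os = calloc(1, sizeof(*os));
    if (os == NULL)
        return -1;
    if (get32(bp, remain, &os->time_offset) != 0 ||
        get32(bp, remain, &os->usec_offset) != 0) {
        free(os);
        return -1;
    }
    *argp = os;
    return 0;
}

/* Passing &ctx->os_context (a toy_os_context *) where a toy_os_context **
 * is expected would make the callee write its heap pointer over the first
 * bytes of the embedded struct and leak the allocation. The fix the report
 * proposes: hand the callee a real pointer variable, copy the result into
 * the embedded member, then free the temporary. */
static int toy_context_internalize(toy_context **ctxp,
                                   const unsigned char **bp, size_t *remain)
{
    toy_context *ctx = calloc(1, sizeof(*ctx));
    toy_os_context *os = NULL;
    if (ctx == NULL)
        return -1;
    if (get32(bp, remain, &ctx->magic) != 0 ||
        toy_oscontext_internalize(&os, bp, remain) != 0) {
        free(ctx);
        return -1;
    }
    ctx->os_context = *os;   /* struct copy into the embedded member */
    free(os);                /* the temporary is released: no leak */
    *ctxp = ctx;
    return 0;
}

/* Constructed sample: magic 42, time_offset 7, usec_offset 256 (big-endian). */
static const unsigned char sample[] = {
    0x00, 0x00, 0x00, 0x2a,
    0x00, 0x00, 0x00, 0x07,
    0x00, 0x00, 0x01, 0x00,
};

/* Returns 0 when the sample decodes into the expected field values. */
int toy_demo_ok(void)
{
    const unsigned char *bp = sample;
    size_t remain = sizeof(sample);
    toy_context *ctx = NULL;
    if (toy_context_internalize(&ctx, &bp, &remain) != 0)
        return 1;
    int bad = !(ctx->magic == 42 && ctx->os_context.time_offset == 7 &&
                ctx->os_context.usec_offset == 256 && remain == 0);
    free(ctx);
    return bad ? 2 : 0;
}

/* Returns 0 when a truncated buffer is rejected and no context is handed
 * back (ctx stays NULL), i.e. the partial allocation was freed. */
int toy_demo_truncated(void)
{
    const unsigned char *bp = sample;
    size_t remain = sizeof(sample) - 2;   /* cut off mid-field */
    toy_context *ctx = NULL;
    int ret = toy_context_internalize(&ctx, &bp, &remain);
    return (ret != 0 && ctx == NULL) ? 0 : 1;
}
```

Running both demos under a leak checker (for example valgrind or an address sanitizer build) is the quickest way to confirm that neither the success path nor the truncated-input path leaves an allocation behind, which is the property the report's fix restores.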