[krbdev.mit.edu #2725] memory leak in mk_req_extended() due to an overwrite of the auth context keyblock

Public Submitter via RT rt-comment at krbdev.mit.edu
Fri Sep 24 10:37:40 EDT 2004


Here is the valgrind output:

==28256== 16 bytes in 1 blocks are definitely lost in loss record 3 of 19
==28256==    at 0x1B902A90: malloc (vg_replace_malloc.c:131)
==28256==    by 0x13C9F8: krb5_copy_keyblock (in /usr/lib/libkrb5.so.3.2)
==28256==    by 0x13975C: krb5_auth_con_setuseruserkey (in /usr/lib/libkrb5.so.3.2)

If you call krb5_auth_con_setuseruserkey() and then later call
krb5_mk_req_extended() it will overwrite the user key w/o freeing the
prior.  See line 142 of mk_req_ext.c and you'll notice that it does a
copy_keyblock over the key I set with setuseruserkey() without doing an
if( auth_ctx->keyblock ) krb5_free_keyblock( auth_ctx->keyblock) first.

The workaround I have right now, although poor, is to expose struct
_krb5_auth_context into my application space (taken from a krblib source
file) and call krb5_free_keyblock( ctx, authCtx->keyblock) before calling
krb5_mk_req_extended()

I believe that any calls that allocate a keyblock for auth_context will
end up leaking if the user calls krb5_mk_req_extended(), but in my
particular case I had called krb5_auth_con_setuseruserkey() to make it
happen.


(BTW: I sent a bug with the krb5-send-pr utility but I may have done it
wrong or something, because it's been a day and I've not seen it show up
in my mail.)
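The ownership pattern behind this report, as an added example that is not part of the original post and not MIT krb5 code: a small model of an auth context that owns one keyblock, a "set user key" call that stores a copy, and two versions of a "mk_req" step, one that overwrites the owned pointer without freeing it (the behaviour described above) and one with the free-before-replace check the reporter asks for. All names beginning with model_ are invented stand-ins for krb5_keyblock, krb5_auth_context, krb5_copy_keyblock, krb5_free_keyblock, krb5_auth_con_setuseruserkey and krb5_mk_req_extended; the sample key bytes are constructed. A live-object counter makes the leak visible without valgrind.

```c
/* Added model of the keyblock-ownership leak; not krb5 source.
 * model_* names stand in for the krb5 API named in the lead-in. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int enctype;               /* enctype number is arbitrary here */
    size_t length;
    unsigned char *contents;
} model_keyblock;

typedef struct {
    model_keyblock *keyblock;  /* owned: must be freed before being replaced */
} model_auth_context;

/* Counts live heap keyblocks so a leak is observable as a return value. */
static int live_keyblocks = 0;

static model_keyblock *model_copy_keyblock(const model_keyblock *src) {
    model_keyblock *kb = malloc(sizeof *kb);
    if (!kb) return NULL;
    kb->enctype = src->enctype;
    kb->length = src->length;
    kb->contents = malloc(src->length);
    if (!kb->contents) { free(kb); return NULL; }
    memcpy(kb->contents, src->contents, src->length);
    live_keyblocks++;
    return kb;
}

static void model_free_keyblock(model_keyblock *kb) {
    if (!kb) return;
    memset(kb->contents, 0, kb->length);  /* wipe key material before release */
    free(kb->contents);
    free(kb);
    live_keyblocks--;
}

/* Stand-in for krb5_auth_con_setuseruserkey(): stores a copy of the caller's key. */
static int model_setuseruserkey(model_auth_context *ctx, const model_keyblock *key) {
    model_keyblock *copy = model_copy_keyblock(key);
    if (!copy) return -1;
    model_free_keyblock(ctx->keyblock);   /* replace, don't leak, any prior key */
    ctx->keyblock = copy;
    return 0;
}

/* The behaviour the report describes: the context key is overwritten with a
 * copy of the session key and the previous keyblock is never freed. */
static int model_mk_req_leaky(model_auth_context *ctx, const model_keyblock *session_key) {
    model_keyblock *copy = model_copy_keyblock(session_key);
    if (!copy) return -1;
    ctx->keyblock = copy;   /* old keyblock is now unreachable: leaked */
    return 0;
}

/* Same step with the check the reporter asks for. */
static int model_mk_req_fixed(model_auth_context *ctx, const model_keyblock *session_key) {
    model_keyblock *copy = model_copy_keyblock(session_key);
    if (!copy) return -1;
    if (ctx->keyblock)
        model_free_keyblock(ctx->keyblock);
    ctx->keyblock = copy;
    return 0;
}

/* Runs set-user-key then mk_req on a fresh context, releases the context's
 * key as a context-free routine would, and returns the number of keyblocks
 * still live: 0 means no leak. */
static int model_leak_count(int (*mk_req)(model_auth_context *, const model_keyblock *)) {
    unsigned char user_bytes[16] = {0};      /* constructed sample key material */
    unsigned char session_bytes[16] = {1};   /* constructed sample key material */
    model_keyblock user_key = {17, sizeof user_bytes, user_bytes};
    model_keyblock session_key = {17, sizeof session_bytes, session_bytes};
    model_auth_context ctx = {NULL};

    live_keyblocks = 0;
    if (model_setuseruserkey(&ctx, &user_key) != 0) return -1;
    if (mk_req(&ctx, &session_key) != 0) return -1;
    model_free_keyblock(ctx.keyblock);
    ctx.keyblock = NULL;
    return live_keyblocks;
}

int main(void) {
    printf("leaky mk_req: %d keyblock(s) leaked\n", model_leak_count(model_mk_req_leaky));
    printf("fixed mk_req: %d keyblock(s) leaked\n", model_leak_count(model_mk_req_fixed));
    return 0;
}
```

The leaky variant reports one leaked keyblock after the set-key/mk_req sequence, the fixed variant reports zero. The point generalises beyond the user-to-user key: any routine that installs a fresh copy into an owned pointer has to release the previous object first, and a free routine that also wipes the contents avoids leaving stale key material in the heap.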

