[krbdev.mit.edu #3962] krb5_get_server_rcache double free
Shawn Emery via RT
rt-comment at krbdev.mit.edu
Thu Jun 29 22:46:56 EDT 2006
The fix for:
[krbdev.mit.edu #3924] the krb5_get_server_rcache routine frees
is not complete (listed here for convenience):
src/lib/krb5/krb/srv_rcache.c 22 Jun 2006 15:26:59 -0000 1.1.1.1.12.1
@@ -115,17 +115,13 @@
retval = krb5_rc_recover_or_initialize(context, rcache, context->clockskew);
if (retval) {
krb5_rc_close(context, rcache);
- rcache = 0;
goto cleanup;
}
*rcptr = rcache;
- rcache = 0;
retval = 0;
cleanup:
- if (rcache)
- krb5_xfree(rcache);
if (cachename)
krb5_xfree(cachename);
return retval;
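Review bot: With `if (rcache) krb5_xfree(rcache);` removed from the cleanup label, cleanup no longer releases rcache on any path, so every error exit now depends on a callee having done it. On the krb5_rc_recover_or_initialize() failure branch that callee is krb5_rc_close(); whether it releases the rcache structure itself or only its contents is not visible in this hunk, and a short comment at that call stating which would let a reader confirm the branch neither leaks nor double frees. An alternative that keeps ownership local is to retain the guarded free in cleanup and set rcache to 0 only on the branches where a callee has already released it.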
---
When krb5_rc_recover_or_initialize() returns failure, rcache now leaks.
We know that krb5_rc_resolve_full() frees rcache after failure; we just
need to set rcache to NULL so that we don't double free. Suggested fix
(diffs based on 1.5-alpha1):
src/lib/krb5/krb/srv_rcache.c:
@@ -103,12 +103,14 @@
#endif
cachename[p++] = '\0';
retval = krb5_rc_resolve_full(context, &rcache, cachename);
- if (retval)
+ if (retval) {
+ rcache = 0;
goto cleanup;
+ }
/*
* First try to recover the replay cache; if that doesn't work,
* initialize it.
*/
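Review bot: The new `rcache = 0;` in the krb5_rc_resolve_full() failure branch carries no comment, and it is correct only if krb5_rc_resolve_full() has released rcache on every one of its error returns. Add a comment stating that contract at the assignment, or have krb5_rc_resolve_full() clear the caller's pointer itself when it fails, so the caller does not have to know what the callee did. The assignment also only matters while the cleanup label still frees a non-zero rcache; the earlier patch quoted above removes that free, so it is worth confirming which version of cleanup this diff applies on top of.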
Shawn.
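
The ownership rule described in this message (the callee frees on failure, so the caller must clear its pointer before reaching a cleanup label that frees it), as an added C model that is not part of the original post or the krb5 source. `struct rc`, `resolve_full`, `get_rcache` and the counter are hypothetical stand-ins; a static slot replaces the heap so the second free can be counted without undefined behaviour.

```c
#include <stdio.h>
/* Constructed stand-in for the replay cache handle; not the krb5 type. */
struct rc { int live; };
static struct rc slot;     /* single tracked object standing in for the heap */
static int double_frees;   /* releases of an already released object */
static struct rc *rc_alloc(void) { slot.live = 1; return &slot; }
static void rc_free(struct rc *p) { if (!p->live) double_frees++; p->live = 0; }

/* Hypothetical model of what the message says krb5_rc_resolve_full() does:
 * on failure it releases the handle, but the caller's pointer is left set. */
static int resolve_full(struct rc **out, int fail)
{
    *out = rc_alloc();
    if (fail) { rc_free(*out); return -1; }
    return 0;
}

/* Caller whose cleanup label frees rcache. clear_on_error selects whether
 * the failure branch resets the pointer first, as the suggested fix does. */
static int get_rcache(struct rc **rcptr, int fail, int clear_on_error)
{
    struct rc *rcache = NULL;
    int retval = resolve_full(&rcache, fail);
    if (retval) {
        if (clear_on_error)
            rcache = NULL;     /* callee already released it */
        goto cleanup;
    }
    *rcptr = rcache;           /* ownership passes to the caller */
    rcache = NULL;
cleanup:
    if (rcache)
        rc_free(rcache);
    return retval;
}

/* Number of double frees observed for one failing call. */
static int count_double_frees(int clear_on_error)
{
    struct rc *out = NULL;
    double_frees = 0;
    get_rcache(&out, 1, clear_on_error);
    return double_frees;
}
int main(void)
{
    printf("kept: %d, cleared: %d\n", count_double_frees(0), count_double_frees(1));
    return 0;
}
```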