[krbdev.mit.edu #5442] memory leak in gss_accept_sec_context()
Public Submitter via RT
rt-comment at krbdev.mit.edu
Tue Dec 4 16:20:57 EST 2007
[guest - Sun Oct 28 05:11:06 2007]:
> [guest - Tue Jul 3 17:17:57 2007]:
>
> > Actually, reviewing my patch a little bit, it seems that I released
> > the cred which then goes on to be used in the error case. A not
> > terribly elegant fix to this would be to duplicate the release code
> > above the fail: label and leave the existing code at the tail of the
> > function...
>
> I've encountered the same leak, I'm using the following patch right
> now:
> Would be really nice if this would be fixed in a future krb5 release
> :)
>
> if (decode_krb5_ap_req(&ap_req, &request)) {
> krb5_free_context(context);
> + if (!verifier_cred_handle && cred_handle)
> + krb5_gss_release_cred(minor_status, &cred_handle);
> return (major_status);
> }
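Review bot: the added krb5_gss_release_cred(minor_status, &cred_handle) call on this early-return path is handed the caller's own minor_status pointer, so whatever the release writes there replaces the value that was meant to accompany the returned major_status. Pass the address of a local OM_uint32 to the release call instead, so the caller's minor_status is left untouched. A short comment stating why the release is conditional on !verifier_cred_handle && cred_handle would also help the next reader.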
Noticed today that this patch destroys minor_status: In any error case,
gss_accept_sec_context() returns now 'No Error' :(. So the additional
gss_release_cred() should use some temporary OM_uint32 for the
minor_status.