[krbdev.mit.edu #5442] memory leak in gss_accept_sec_context()
Public Submitter via RT
rt-comment at krbdev.mit.edu
Sun Oct 28 05:11:08 EDT 2007
[guest - Tue Jul 3 17:17:57 2007]:
> Actually, reviewing my patch a little bit, it seems that I released
> the cred which then goes on to be used in the error case. A not
> terribly elegant fix to this would be to duplicate the release code
> above the fail: label and leave the existing code at the tail of the
> function...
I've encountered the same leak, I'm using the following patch right now:
Would be really nice if this would be fixed in a future krb5 release :)
--- sources/k/krb5/src/lib/gssapi/krb5/accept_sec_context.c 2007/10/17
12:44:54 1.1.1.1
+++ sources/k/krb5/src/lib/gssapi/krb5/accept_sec_context.c 2007/10/28
08:39:09 1.1.1.1.2.1
@@ -903,6 +903,8 @@ krb5_gss_accept_sec_context(minor_status
if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
ctx->k5_context = context;
+ if (!verifier_cred_handle && cred_handle)
+ krb5_gss_release_cred(minor_status, &cred_handle);
return(major_status);
}
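Review bot: The test !verifier_cred_handle && cred_handle in the two added lines encodes an ownership rule that is not documented at this return. As written it reads as "release only when the caller passed no credential", so a short comment saying that, plus an explicit comparison against GSS_C_NO_CREDENTIAL instead of the bare negation, would keep a later editor from releasing a caller-supplied credential by accident.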
@@ -938,6 +940,8 @@ krb5_gss_accept_sec_context(minor_status
if (decode_krb5_ap_req(&ap_req, &request)) {
krb5_free_context(context);
+ if (!verifier_cred_handle && cred_handle)
+ krb5_gss_release_cred(minor_status, &cred_handle);
return (major_status);
}
if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
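Review bot: Passing minor_status to krb5_gss_release_cred() immediately before return (major_status) on the decode_krb5_ap_req() failure path lets the release call overwrite the minor status that the caller receives alongside the error. Use a local OM_uint32 for the release call so the original minor code is what gets reported.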
@@ -969,6 +973,8 @@ krb5_gss_accept_sec_context(minor_status
code = krb5_mk_error(context, &krb_error_data, &scratch);
if (code) {
krb5_free_context(context);
+ if (!verifier_cred_handle && cred_handle)
+ krb5_gss_release_cred(minor_status, &cred_handle);
return (major_status);
}
@@ -979,6 +985,8 @@ krb5_gss_accept_sec_context(minor_status
token.value = (unsigned char *) xmalloc(token.length);
if (!token.value) {
krb5_free_context(context);
+ if (!verifier_cred_handle && cred_handle)
+ krb5_gss_release_cred(minor_status, &cred_handle);
return (major_status);
}
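Review bot: This is the fourth copy of the same two-line release in the patch, each attached to a separate early return. A new early return added later will leak the credential again unless its author remembers to copy the pair. Routing these exits through one shared cleanup label, or a small static helper, that frees the context and releases the credential would close the leak in one place, along the lines of the fail: label idea in the quoted message.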