[krbdev.mit.edu #6972] memory leak in version 1.9.1

[McClement@krbdev.mit.edu]

Memory leak in version 1.9.1. See comments prefixed with "GJM:"

krb5-1.9.1/src/lib/gssapi/krb5/init_sec_context.c#2

#ifdef CFX_EXERCISE
#include "../../krb5/krb/auth_con.h"
#endif
static krb5_error_code KRB5_CALLCONV
make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
                   void *cksum_data, krb5_data **out)
{
    krb5_error_code code;
    krb5_int32 con_flags;
    unsigned char *ptr;
    struct gss_checksum_data *data = cksum_data;

...

        /*
         * RFC 4121 4.1.1 specifies forwarded credentials must be encrypted in
         * the session key, but krb5_fwd_tgt_creds will use the send subkey if
         * it's set in the auth context.  Suppress the send subkey
         * temporarily.
         */
GJM: This refcount on the key is one. This line increases it to two .
        krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey);
GJM: This decrements the refcount back to one.
        krb5_auth_con_setsendsubkey_k(context, auth_context, NULL);

        code = krb5_fwd_tgt_creds(context, auth_context, 0,
                                  data->cred->name->princ, data->ctx->there->princ,
                                  data->cred->ccache, 1,
                                  &credmsg);

        /* Turn KRB5_AUTH_CONTEXT_DO_TIME back on and reset the send subkey. */
        krb5_auth_con_setflags(context, auth_context, con_flags);
GJM: This increases the ref count back to two.
        krb5_auth_con_setsendsubkey_k(context, auth_context, send_subkey);
GJM: This is the line that need to be added to fix the leak. This line to puts the refcount back to one since send_subkey is on the stack and goes out of scope the only reference left is in the context so the refcount should be one not two
         krb5_k_free_key(context, send_subkey);           <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADD THIS LINE  TO FIX THE LEAK


Thanks
Greg