[krbdev.mit.edu #7161] Minor memory leak in default_an_to_ln on error
Russ Allbery <rra@stanford.edu> via RT
rt-comment at krbdev.mit.edu
Wed Jun 6 17:03:34 EDT 2012
I noticed this by visual inspection while looking at another issue.
def_realm is not freed in all error handling cases in
src/lib/krb5/os/an_to_ln.c. Specifically here:

    if ((retval = krb5_get_default_realm(context, &def_realm))) {
        return(retval);
    }
    if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
        free(def_realm);
        return KRB5_LNAME_NOTRANS;
    }

    if (krb5_princ_size(context, aname) != 1) {
        if (krb5_princ_size(context, aname) == 2 ) {
            /* Check to see if 2nd component is the local realm. */
            if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
                         realm_length) ||
                 realm_length != krb5_princ_component(context, aname,1)->length)
                return KRB5_LNAME_NOTRANS;
        }
        else
            /* no components or more than one component to non-realm
               part of name --no translation. */
            return KRB5_LNAME_NOTRANS;
    }

    free(def_realm);

If the princ size check fails, def_realm is never freed.
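
Added example, not part of the original report or the krb5 source: a self-contained model of the control flow quoted above, next to a single-exit variant in which every path after the allocation reaches the free. The names get_default_realm, free_realm, struct princ, outstanding and LNAME_NOTRANS are hypothetical stand-ins, and the realm comparison is simplified to strcmp.

```c
#include <stdlib.h>
#include <string.h>

#define LNAME_NOTRANS (-1)   /* stand-in for KRB5_LNAME_NOTRANS */
static char *outstanding;    /* realm buffer allocated and not yet freed */
/* Constructed, simplified principal: realm plus name components. */
struct princ { const char *realm; int ncomp; const char *comp[3]; };

/* Hypothetical stand-in for krb5_get_default_realm(); caller must free. */
static int get_default_realm(char **out) {
    *out = outstanding = malloc(sizeof "EXAMPLE.ORG");
    if (*out == NULL)
        return 12;           /* ENOMEM */
    strcpy(*out, "EXAMPLE.ORG");
    return 0;
}
static void free_realm(char *r) { free(r); outstanding = NULL; }

/* Same control flow as the excerpt: the size-check return skips the free. */
static int an_to_ln_leaky(const struct princ *p) {
    char *def_realm;
    int ret;
    if ((ret = get_default_realm(&def_realm)))
        return ret;
    if (strcmp(p->realm, def_realm) != 0) {
        free_realm(def_realm);
        return LNAME_NOTRANS;
    }
    if (p->ncomp != 1) {
        if (p->ncomp != 2 || strcmp(p->comp[1], def_realm) != 0)
            return LNAME_NOTRANS;   /* def_realm is still allocated */
    }
    free_realm(def_realm);
    return 0;
}

/* Single exit: every path after the allocation reaches the free. */
static int an_to_ln_fixed(const struct princ *p) {
    char *def_realm;
    int ret;
    if ((ret = get_default_realm(&def_realm)))
        return ret;
    ret = LNAME_NOTRANS;
    if (strcmp(p->realm, def_realm) == 0 &&
        (p->ncomp == 1 ||
         (p->ncomp == 2 && strcmp(p->comp[1], def_realm) == 0)))
        ret = 0;
    free_realm(def_realm);
    return ret;
}
```

After a call, a non-NULL outstanding means the realm buffer was left allocated; a principal with three components, or with a second component that is not the local realm, triggers it in the first function only.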