[krbdev.mit.edu #7586] memory leak in lookup_etypes_for_keytab()
The RT System itself via RT
rt-comment at krbdev.mit.edu
Thu Feb 28 16:36:45 EST 2013
Date: Thu, 28 Feb 2013 15:38:37 -0500
Message-Id: <201302282038.r1SKcbAA002406 at blade.bos.redhat.com>
To: krb5-bugs at mit.edu
Subject: memory leak in lookup_etypes_for_keytab()
From: nalin at redhat.com
>Submitter-Id: net
>Originator: https://bugzilla.redhat.com/show_bug.cgi?id=911110
>Organization:
>Confidential: no
>Synopsis: memory leak in lookup_etypes_for_keytab()
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.11.1
>Environment:
System: Linux blade.bos.redhat.com 3.7.9-201.fc18.x86_64 #1 SMP Mon Feb 18 21:07:56 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
Petr Spacek notes that when we walk the keytab in
lookup_etypes_for_keytab(), we don't free entries when we're finished
examining them. Ensure that when krb5_kt_next_entry() succeeds,
we make sure to free the entry storage before we exit the current
loop iteration.
>How-To-Repeat:
Running 'kinit -k' under a memory profiler turns this up, provided there
aren't any problems accessing the keytab.
>Fix:
--- src/lib/krb5/krb/gic_keytab.c
+++ src/lib/krb5/krb/gic_keytab.c
@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
goto cleanup;
if (!krb5_c_valid_enctype(entry.key.enctype))
- continue;
+ goto next_entry;
if (!krb5_principal_compare(context, entry.principal, client))
- continue;
+ goto next_entry;
/* Make sure our list is for the highest kvno found for client. */
if (entry.vno > max_kvno) {
free(etypes);
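Review bot: the goto cleanup on the first context line of this hunk is the one exit in the visible loop body that gets no krb5_free_keytab_entry_contents() call, while the ENOMEM exit in the next hunk does. If that jump is only taken when krb5_kt_next_entry() failed and entry holds nothing to free, a short comment there saying so would explain the asymmetry; if it can be reached after a successful krb5_kt_next_entry(), it needs the same free as the ENOMEM path.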
@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
count = 0;
max_kvno = entry.vno;
} else if (entry.vno != max_kvno)
- continue;
+ goto next_entry;
/* Leave room for the terminator and possibly a second entry. */
p = realloc(etypes, (count + 3) * sizeof(*etypes));
if (p == NULL) {
+ krb5_free_keytab_entry_contents(context, &entry);
ret = ENOMEM;
goto cleanup;
}
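Review bot: in the p == NULL branch the added krb5_free_keytab_entry_contents(context, &entry) is a second copy of the call at next_entry:, needed only because this path leaves through cleanup instead of reaching the label. Consider a comment on that line noting that any goto cleanup issued after krb5_kt_next_entry() succeeds has to free entry first, so that an error path added to the loop later does not reintroduce the leak.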
@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
entry.key.enctype == ENCTYPE_DES_CBC_MD4)
etypes[count++] = ENCTYPE_DES_CBC_CRC;
etypes[count] = 0;
+next_entry:
+ krb5_free_keytab_entry_contents(context, &entry);
}
ret = 0;
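Review bot: the next_entry: label carries no comment, and the fix now depends on nothing in the loop body using continue, since a continue would skip the krb5_free_keytab_entry_contents() call placed after the label. A one-line comment at the label (for example, that every iteration holding a valid entry must pass through here) would document that. The 'kinit -k' run under a memory profiler from How-To-Repeat is worth repeating against the patched build to confirm the leak is gone.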