[krbdev.mit.edu #7941] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Sat Jul 12 12:45:09 EDT 2014


Fix several memory leaks in LDAP KDB modules

Fix memory leaks discovered by running valgrind over kdbtest, and some
related leaks.  Many of them result from not calling ldap_msgfree
after an unsuccessful search (as the OpenLDAP documentation requires)
or after an exception following a search, so many of the fixes move or
add ldap_msgfree calls to cleanup labels.

ldap_osa_free_princ_ent was not used, and could not be used because it
frees the container while krb5_lookup_tl_kadm_data uses a
caller-allocated container.  Change it to leave the container alone,
but to correctly destroy xdrs.  Use it in krb5_ldap_put_principal
where princ_ent was leaked.

In krb5_ldap_put_principal, subtreelist is declared twice in interior
scopes and not properly freed; move it to function scope and free it
up in the cleanup label.  Also in krb5_ldap_put_principal, avoid
decoding multiple KRB5_TL_KADM_DATA values (which we don't expect to
see) as later decodes would cause earlier decodes to leak.

In krb5_encode_krbsecretkey, fix a leak of the krb5_data container and
also add an error check when calling asn1_encode_sequence_of_keys;
otherwise we would dereference a null pointer if we run out of memory
encoding keys (very unlikely).

https://github.com/krb5/krb5/commit/bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Author: Greg Hudson <ghudson at mit.edu>
Commit: bfd2a69193ddc1b324d48a7da6455cfbda54fc09
Branch: master
 src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c       |    2 +-
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c  |    3 +
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |   57 ++++++++++---------
 src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c |    9 ++-
 src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c      |   11 +++-
 src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c |    4 +-
 src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c       |    3 +-
 7 files changed, 51 insertions(+), 38 deletions(-)
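
The leak pattern the commit message describes (a search result that is not freed when the search fails or when a later step errors out), shown next to the cleanup-label form. This is an added example, not code from the krb5 commit; `FakeMessage`, `fake_search`, `fake_msgfree` and the `lookup_*` and `leaked_by_*` functions are constructed stand-ins so it builds without libldap.

```c
#include <stdio.h>
/* Constructed stand-ins for LDAPMessage, an LDAP search call and
 * ldap_msgfree (not the real API).  The stub search hands back a result
 * even on failure, the case the commit message says must still be freed. */
typedef struct { int unused; } FakeMessage;
static FakeMessage the_message;
static int live_messages;               /* handed out and not yet freed */

static int fake_search(int rc, FakeMessage **res)
{
    *res = &the_message;
    live_messages++;
    return rc;
}
static void fake_msgfree(FakeMessage *res) { if (res != NULL) live_messages--; }

/* Before: the early return on a failed search skips the free. */
static int lookup_leaky(int search_rc)
{
    FakeMessage *res = NULL;
    int st = fake_search(search_rc, &res);
    if (st != 0)
        return st;                      /* res leaks here */
    fake_msgfree(res);
    return 0;
}

/* After: a failed search and a later error both exit through cleanup. */
static int lookup_fixed(int search_rc, int later_error)
{
    FakeMessage *res = NULL;
    int st = fake_search(search_rc, &res);
    if (st != 0)
        goto cleanup;
    st = later_error;                   /* processing after the search */
cleanup:
    fake_msgfree(res);
    return st;
}

/* Number of messages one call leaves unfreed. */
int leaked_by_leaky(int rc) { live_messages = 0; lookup_leaky(rc); return live_messages; }
int leaked_by_fixed(int rc, int err) { live_messages = 0; lookup_fixed(rc, err); return live_messages; }

int main(void)
{
    printf("%d %d %d\n", leaked_by_leaky(1), leaked_by_fixed(1, 0), leaked_by_fixed(0, 5));
    return 0;
}
```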


