[krbdev.mit.edu #8482] Memory leak: [Kerberos V5 Release 1.14.3 : src/lib/krb5/krb/srv_dec_tkt..c]
Seemant Choudhary via RT
rt-comment at krbdev.mit.edu
Wed Aug 24 12:07:30 EDT 2016
Following patch fixes the problem. The issue can be reproduced by
generating keytab file with multiple encryption types. For example on a
Windows server use ktpass with enctype set to All to generate the keytab
file.
--- /home/seemant/Downloads/krb5-1.14.3/src/lib/krb5/krb/srv_dec_tkt.c
2016-07-20
15:32:50.000000000 -0700
+++ srv_dec_tkt.c 2016-08-22 11:03:32.816586243 -0700
@@ -99,8 +99,11 @@
retval = KRB5_KT_NOTFOUND;
while ((code = krb5_kt_next_entry(context, keytab,
&ktent, &cursor)) == 0) {
- if (ktent.key.enctype != ticket->enc_part.enctype)
+ if (ktent.key.enctype != ticket->enc_part.enctype) {
+ /* We need to free the entry to avoid memory leak */
+ *(void) krb5_free_keytab_entry_contents(context, &ktent);*
continue;
+ }
retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
if (retval == 0) {
More information about the krb5-bugs
mailing list