[krbdev.mit.edu #8480] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Aug 25 10:31:04 EDT 2016
Fix GSSRPC server credential memory leak
In svc_auth_gss.c, stop using the global svcauth_gss_creds, and
instead keep a credential in struct svc_rpc_gss_data. This change
ensures that the same credential is used for each accept_sec_context
call for a particular context, and ensures that the credential is
freed when the authentication data is destroyed. Also, do not acquire
a credential when the default name is used (as it is in kadmind) as it
is not needed.
Leave the svcauth_gss_creds around for the backportable fix as it is
in the library export list. It will be removed in a subsequent
commit.
https://github.com/krb5/krb5/commit/670d9828086e979d5cdfd26f00ca88958a03754e
Author: Greg Hudson <ghudson at mit.edu>
Commit: 670d9828086e979d5cdfd26f00ca88958a03754e
Branch: master
src/lib/rpc/svc_auth_gss.c | 40 ++++++++++++++--------------------------
1 files changed, 14 insertions(+), 26 deletions(-)
More information about the krb5-bugs
mailing list