memleak in gss_add_cred_with_password in krb 1.12.1 and 1.13.1
ghudson at mit.edu
Fri Jun 19 17:35:24 EDT 2015
On 06/18/2015 12:13 PM, Sorin Manolache wrote:
> I think I've found a memory leak in gss_add_cred_with_password, in krb5
> 1.12.1 and 1.13.1.
> The gss_OID_set target_mechs in gss_add_cred_with_password
> (lib/gssapi/mechglue/g_acquire_cred_with_pw.c) is not released if the
> function returns GSS_S_COMPLETE.
Thanks; I have filed a pull request. This should be fixed in 1.13.3 and
probably also a 1.12.x patch release.
Be aware that we are planning to change the behavior of
gss_acquire_cred_with_password in 1.14 as discussed here:
More information about the krbdev