Patch 7/9: client_pubkey always leaks in server_process_dh()

Alexandr Nedvedicky alexandr.nedvedicky at
Mon Feb 19 19:47:10 EST 2018


I'm upgrading kerberos bundled with Solaris to krb5-1.16. Solaris currently
ships krb5-1.15.1. I've noticed there are some memory leaks while running the test
suite which comes with krb5-1.16 (e.g. running 'make check').  I don't think
those memory leaks are critical, though as a kerberos newbie I can't be sure, so
I think I'd better share my findings. All memory leaks were found using
'libumem', which can be found on Solaris (or its OSS sibling illumos).
All patches are against the krb5-1.16 release.

In function server_process_dh() the client_pubkey is not needed once
we print it at line 2991. We must just free it to avoid a memory leak.


diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 19bf1c359..028d4cd34 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2994,6 +2994,9 @@ server_process_dh(krb5_context context,
     print_buffer(*server_key, *server_key_len);
+    BN_free(client_pubkey);
+    client_pubkey = NULL;
     /* KDC reply */
     /* pack DH public key */
     /* Diffie-Hellman public key must be ASN1 encoded as an INTEGER; this
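Review bot: the free is placed in the success path only, right after `print_buffer(*server_key, *server_key_len);`; if server_process_dh() has a cleanup label that handles its error returns, client_pubkey would be better released there (BN_free(NULL) is a no-op, so the `client_pubkey = NULL;` reset makes a second free in cleanup harmless), otherwise the leak remains on every early-exit path before this point. Also confirm that nothing in the remaining "KDC reply" / "pack DH public key" section below still references client_pubkey, since it is now NULL from here on; and the message says line 2991 while the hunk header is at 2994, so one of the two should be corrected for the commit log.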

More information about the krbdev mailing list