[28513] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix glob memory leak in GSS initialization
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Aug 7 15:07:44 2014
Date: Thu, 7 Aug 2014 15:07:40 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201408071907.s77J7egG029763@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/20f91672568b1d2e341a9bb0dba88a831f152f1c
commit 20f91672568b1d2e341a9bb0dba88a831f152f1c
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Aug 4 23:34:32 2014 -0400
Fix glob memory leak in GSS initialization
In loadConfigFiles, call globfree even if glob fails, since glob can
allocate memory and report partial results on failure. Also
initialize globbuf before calling glob; this is not strictly required,
but hedges against hypothetical libc implementation bugs which could
leave globbuf.gl_pathc or globbuf.gl_pathv uninitialized on error.
ticket: 7981
src/lib/gssapi/mechglue/g_initialize.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 85810a9..2987164 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -437,11 +437,12 @@ loadConfigFiles()
load_if_changed(MECH_CONF, g_confFileModTime, &highest);
+ memset(&globbuf, 0, sizeof(globbuf));
if (glob(MECH_CONF_PATTERN, 0, NULL, &globbuf) == 0) {
for (path = globbuf.gl_pathv; *path != NULL; path++)
load_if_changed(*path, g_confFileModTime, &highest);
- globfree(&globbuf);
}
+ globfree(&globbuf);
g_confFileModTime = highest;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
