[29553] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix memory leak in old gssrpc authentication
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 10 13:56:11 2016
Date: Wed, 10 Aug 2016 13:51:33 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201608101751.u7AHpX3T009276@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/9fa91a67e55c265a655f4276ae6ee1b310537e24
commit 9fa91a67e55c265a655f4276ae6ee1b310537e24
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Jun 27 00:21:30 2016 -0400
Fix memory leak in old gssrpc authentication
auth_gssapi_create(), which is now only used to connect to ancient
servers, can leak memory on error or when multiple GSSAPI_INIT calls
are required. Ensure that call_res is freed along all exit paths and
before each repeat clnt_call() invocation.
ticket: 8434 (new)
src/lib/rpc/auth_gssapi.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 64a6b5b..ace0be9 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -283,6 +283,7 @@ next_token:
PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
+ xdr_free(xdr_authgssapi_init_res, &call_res);
memset(&call_res, 0, sizeof(call_res));
callstat = clnt_call(clnt, init_func,
xdr_authgssapi_init_arg, &call_arg,
@@ -409,9 +410,6 @@ next_token:
PRINTF(("gssapi_create: isn is %d\n",
AUTH_PRIVATE(auth)->seq_num));
-
- /* we no longer need these results.. */
- xdr_free(xdr_authgssapi_init_res, &call_res);
}
} else if (call_res.signed_isn.length != 0) {
PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
@@ -438,6 +436,7 @@ next_token:
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
+ xdr_free(xdr_authgssapi_init_res, &call_res);
return auth;
/******************************************************************/
@@ -459,6 +458,7 @@ cleanup:
if (rpc_createerr.cf_stat == 0)
rpc_createerr.cf_stat = RPC_AUTHERROR;
+ xdr_free(xdr_authgssapi_init_res, &call_res);
return auth;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
