[30112] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Fix trivial KDC memory leak with test KDB module

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Feb 26 17:16:43 2018

Date: Mon, 26 Feb 2018 17:16:33 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201802262216.w1QMGXl4017599@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/14f03abd6d5dee71d45293c9369b6cfeaf8a1be5
commit 14f03abd6d5dee71d45293c9369b6cfeaf8a1be5
Author: sashan <anedvedicky@gmail.com>
Date:   Tue Feb 20 22:35:51 2018 +0100

    Fix trivial KDC memory leak with test KDB module
    
    If a KDB module zeroes out the master key in its fetch_master_key()
    method (as the test KDB module does), krb5_db_fetch_mkey() will copy
    it, allocating one byte of memory for the contents.  The KDC will then
    leak it on exit, as the length is zero.  Simplify master key
    destruction using zapfree().
    
    [ghudson@mit.edu: wrote commit message]

 src/kdc/main.c |    6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/src/kdc/main.c b/src/kdc/main.c
index e1ee3a9..96281ad 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -161,11 +161,7 @@ finish_realm(kdc_realm_t *rdp)
     if (rdp->realm_context) {
         if (rdp->realm_mprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
-        if (rdp->realm_mkey.length && rdp->realm_mkey.contents) {
-            /* XXX shouldn't memset be zap for safety? */
-            memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
-            free(rdp->realm_mkey.contents);
-        }
+        zapfree(rdp->realm_mkey.contents, rdp->realm_mkey.length);
         krb5_db_fini(rdp->realm_context);
         if (rdp->realm_tgsprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

home help back first fref pref prev next nref lref last post