[31181] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.20]: Fix uncommon PKINIT memory leak
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Nov 15 11:32:14 2022
From: ghudson@mit.edu
To: <cvs-krb5@mit.edu>
Message-ID: <20221115163155.B91F61045F9@krbdev.mit.edu>
Date: Tue, 15 Nov 2022 11:31:55 -0500 (EST)
Reply-To: krbdev@mit.edu
https://github.com/krb5/krb5/commit/440c974aee745cd435d5cecc8976d7679ae1f7a6
commit 440c974aee745cd435d5cecc8976d7679ae1f7a6
Author: sashan <anedvedicky@gmail.com>
Date: Sun May 29 10:32:57 2022 +0200
Fix uncommon PKINIT memory leak
PKINIT per-request module data objects are normally created by
pkinit_server_verify_padata() and freed by
pkinit_server_return_padata(). In some unusual circumstances, the KDC
may not call the return_padata method after verification succeeds.
Add a free_modreq method and free the object there instead.
[ghudson@mit.edu: rewrote commit message]
(cherry picked from commit 883415036a4b4e0372b84a5a6e46c10b3a67aba0)
ticket: 9065
version_fixed: 1.20.1
src/plugins/preauth/pkinit/pkinit_srv.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 1147a8fc2..865c543c4 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -1022,7 +1022,6 @@ pkinit_server_return_padata(krb5_context context,
(*send_pa)->contents = (krb5_octet *) out_data->data;
cleanup:
- pkinit_fini_kdc_req_context(context, reqctx);
free(scratch.data);
free(out_data);
if (encoded_dhkey_info != NULL)
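Review bot: Dropping the pkinit_fini_kdc_req_context(context, reqctx) call at the cleanup: label means pkinit_server_return_padata() no longer releases reqctx, so the object is freed only if the vt->free_modreq registration later in this patch is in place. The two changes must stay together, otherwise every request leaks the object. Suggest a short comment at cleanup: saying that reqctx is released by the free_modreq method, so a later edit does not re-add the call here and create a double free.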
@@ -1612,6 +1611,13 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
free(reqctx);
}
+static void
+pkinit_free_modreq(krb5_context context, krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
+{
+ pkinit_fini_kdc_req_context(context, modreq);
+}
+
krb5_error_code
kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
krb5_plugin_vtable vtable);
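Review bot: pkinit_free_modreq() passes modreq straight to pkinit_fini_kdc_req_context(), which takes a void *ctx, and the lines visible here do not show whether that function tolerates a NULL pointer. If the KDC can call free_modreq for a request where verification never created the object, confirm that the fini function returns early on NULL, or add an explicit check in the new wrapper. A one-line comment above pkinit_free_modreq() stating that it is now the only place the per-request object is freed would also help future readers.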
@@ -1633,5 +1639,6 @@ kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
vt->edata = pkinit_server_get_edata;
vt->verify = pkinit_server_verify_padata;
vt->return_padata = pkinit_server_return_padata;
+ vt->free_modreq = pkinit_free_modreq;
return 0;
}