[4410] in Kerberos
memory leak in krb5_generate_authenticator
daemon@ATHENA.MIT.EDU (Jim Miller)
Fri Dec 30 16:44:56 1994
From: jim@bilbo.suite.com (Jim Miller)
Date: Fri, 30 Dec 94 15:29:27 -0600
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com
This bug report is for KRB5, beta 4, patchlevel 3.
I believe there is a memory leak and memory corruption in the function
"krb5_generate_authenticator" in the file "krb/mk_req_ext.c". Here's the
suspect code:

    krb5_generate_authenticator(...)
        .
        .
        if (key) {
            retval = krb5_copy_keyblock(key, &authent->subkey);
            if (retval)
                return retval;
        } else
            authent->subkey = 0;
        authent->subkey = key;  <- ****** overwrites pointer to keyblock copy

The keyblock copy is never freed. Worse, the memory referenced by "key"
is freed twice; once by "krb5_free_authenticator_contents()" and again by
"cleanup_key()".
Suggested fix: delete indicated line.
Jim_Miller@suite.com
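
An added illustration of the ownership error reported above; it is not code from the report or from the krb5 source. The types, the pool allocator and every function name in it are stand-ins assumed for the example, and the pool counts a repeated free instead of performing one on a real heap.

```c
#include <stdio.h>
#include <string.h>
/* Toy stand-ins (assumptions), not the krb5 types or functions. */
typedef struct { unsigned char contents[8]; } keyblock;
typedef struct { keyblock *subkey; } authenticator;
typedef struct { int leaked, double_frees; } result;
/* Instrumented pool in place of malloc/free: a repeated free is only counted. */
enum { UNUSED, LIVE, FREED };
static keyblock pool[8];
static int state[8], double_frees;
static keyblock *kb_alloc(void) {
    for (int i = 0; i < 8; i++)
        if (state[i] == UNUSED) { state[i] = LIVE; return &pool[i]; }
    return NULL;
}
static void kb_free(keyblock *k) {
    if (!k) return;
    if (state[k - pool] == FREED) double_frees++; else state[k - pool] = FREED;
}
static int copy_keyblock(const keyblock *in, keyblock **out) {
    if (!(*out = kb_alloc())) return -1;
    memcpy(*out, in, sizeof *in);
    return 0;
}
/* overwrite != 0 reproduces the reported assignment after the copy. */
static int generate(keyblock *key, authenticator *a, int overwrite) {
    a->subkey = NULL;
    if (key && copy_keyblock(key, &a->subkey)) return -1;
    if (overwrite) a->subkey = key;     /* the copy is now unreachable */
    return 0;
}
/* One request: the caller allocates key, then both cleanup paths run. */
result run(int overwrite) {
    memset(state, 0, sizeof state); double_frees = 0;
    keyblock *key = kb_alloc();         /* caller-owned key */
    authenticator a;
    if (!key || generate(key, &a, overwrite)) return (result){-1, -1};
    kb_free(a.subkey);      /* role of krb5_free_authenticator_contents() */
    kb_free(key);           /* role of cleanup_key() */
    result r = {0, double_frees};
    for (int i = 0; i < 8; i++) r.leaked += state[i] == LIVE;
    return r;
}

int main(void) {
    result bad = run(1), ok = run(0);
    printf("reported: leaked=%d double_frees=%d\n", bad.leaked, bad.double_frees);
    printf("fixed:    leaked=%d double_frees=%d\n", ok.leaked, ok.double_frees);
    return 0;
}
```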