[11888] in Kerberos-V5-bugs
[krbdev.mit.edu #6863] memory leak on SPNEGO error path
daemon@ATHENA.MIT.EDU ("Arlene Berry" via RT)
Wed Feb 9 16:07:33 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: ""Arlene Berry" via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6863@krbdev.mit.edu>
Message-ID: <rt-6863-33762.3.69112991322233@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6863'":;"'AdminCc of krbdev.mit.edu Ticket #6863'":;@MIT.EDU
Date: Wed, 9 Feb 2011 16:07:31 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

We ran into this a while ago and I think the issue was that a failure on
a non-initial call to gss_init_sec_context or gss_accept_sec_context
results in the SPNEGO context being freed. The caller then calls
gss_delete_sec_context on the union context which calls down into SPNEGO
which calls gss_delete_sec_context on the NULL context which reports an
error. The error is passed up to the mechglue layer which returns it
and doesn't free the union context.
Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c (revision 24618)
+++ src/lib/gssapi/spnego/spnego_mech.c (working copy)
@@ -2080,16 +2080,18 @@
/*
* If this is still an SPNEGO mech, release it locally.
*/
- if (*ctx != NULL &&
- (*ctx)->magic_num == SPNEGO_MAGIC_ID) {
- (void) gss_delete_sec_context(minor_status,
- &(*ctx)->ctx_handle,
- output_token);
- (void) release_spnego_ctx(ctx);
- } else {
- ret = gss_delete_sec_context(minor_status,
- context_handle,
- output_token);
+ if (*ctx != NULL)
+ {
+ if ((*ctx)->magic_num == SPNEGO_MAGIC_ID) {
+ (void) gss_delete_sec_context(minor_status,
+ &(*ctx)->ctx_handle,
+ output_token);
+ (void) release_spnego_ctx(ctx);
+ } else {
+ ret = gss_delete_sec_context(minor_status,
+ context_handle,
+ output_token);
+ }
}
return (ret);
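Review bot: On the new path where *ctx is NULL, neither branch runs and the function falls through to return (ret), so the result depends on how ret was initialised above this hunk, and *minor_status is left untouched because no gss_delete_sec_context call is made. Please confirm ret starts as GSS_S_COMPLETE and set *minor_status = 0 explicitly for that case. The comment "If this is still an SPNEGO mech, release it locally" now sits above the NULL check rather than the magic_num test, so it should move inside the outer block or be reworded, and the brace on its own line after if (*ctx != NULL) differs from the if (...) { style used on the lines that follow.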
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
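
The leak sequence described in the message above, as an added example that is not part of the original post and is not krb5 code. It is a simplified two-layer model; every type and function name in it is hypothetical, and the `tolerate_null` flag stands in for the behaviour before and after the patch.

```c
#include <stdlib.h>

/* Simplified model of the report, not krb5 code; every name is hypothetical. */
enum { ST_OK = 0, ST_NO_CONTEXT = 1 };
typedef struct { int magic; } mech_ctx;           /* stands in for the SPNEGO context */
typedef struct { mech_ctx *internal; } union_ctx; /* stands in for the union context */
static int live_unions = 0;                       /* union contexts not yet freed */

static union_ctx *union_new(void) {
    union_ctx *u = calloc(1, sizeof(*u));
    if (u == NULL) abort();
    u->internal = calloc(1, sizeof(mech_ctx));
    live_unions++;
    return u;
}

/* Failure on a non-initial call: the mechanism frees its own context. */
static void mech_fail_midway(union_ctx *u) {
    free(u->internal); u->internal = NULL;
}

/* tolerate_null = 0 models the pre-patch delete (NULL context is an error),
 * tolerate_null = 1 models the patched delete (NULL context is a no-op). */
static int mech_delete(mech_ctx **ctx, int tolerate_null) {
    if (*ctx == NULL)
        return tolerate_null ? ST_OK : ST_NO_CONTEXT;
    free(*ctx); *ctx = NULL;
    return ST_OK;
}

/* Glue layer as described in the report: a mechanism error is returned
 * as-is and the union context is not freed. */
static int glue_delete(union_ctx **u, int tolerate_null) {
    int st = mech_delete(&(*u)->internal, tolerate_null);
    if (st != ST_OK)
        return st;                /* union context leaks on this path */
    free(*u); *u = NULL;
    live_unions--;
    return ST_OK;
}

/* Runs the failure sequence; returns the number of union contexts leaked. */
int leaked_after_failure(int tolerate_null) {
    union_ctx *u = union_new();
    mech_fail_midway(u);
    (void) glue_delete(&u, tolerate_null);
    int leaked = live_unions;
    if (u != NULL) { free(u); live_unions--; }  /* tidy up the model itself */
    return leaked;
}
```
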