[1455] in Kerberos-V5-bugs
Memory leak in beta 5
daemon@ATHENA.MIT.EDU (Ed Phillips)
Tue Jun 6 17:44:49 1995
Date: Tue, 6 Jun 1995 17:31:09 -0400 (EDT)
From: Ed Phillips <flaregun@udel.edu>
To: kerberos@MIT.EDU, krb5-bugs@MIT.EDU
keytab_keyproc(), in lib/krb5/krb/in_tkt_ktb.c, leaks memory when
called with keyseed->keytab = NULL. The keytab is opened but never
closed/freed. This problem becomes evident when calling krb5_sendauth()
many times, with a NULL keytab argument (meaning, use the default key
store).
Ed
+-------------------------------------------------------------------------+
| Ed Phillips <flaregun@udel.edu> University of Delaware (302) 831-6082 |
| Jr Systems Programmer, Network and Systems Services, Info. Technologies |
| Public key footprint: 1C D4 AC C2 A3 D5 97 AA DB 3B D8 85 88 E7 40 B8 |
| Finger flaregun@udel.edu for PGP public key |
+-------------------------------------------------------------------------+
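/*
 * keytab_keyproc: key procedure that obtains a client's key from a keytab.
 *
 * context  - library context passed through to the krb5_kt_* calls.
 * type     - key type requested by the caller; rejected up front if
 *            valid_keytype() does not accept it.
 * salt     - unused by this procedure.
 * keyseed  - really a struct keytab_keyproc_arg *; supplies the client
 *            principal and, optionally, an already-open keytab.  A NULL
 *            arg->keytab means "use the default keytab".
 * key      - on success receives a newly allocated copy of the key, which
 *            the caller must release.  Left untouched on failure.
 *
 * Returns 0 on success, KRB5_PROG_ETYPE_NOSUPP if the key type is not
 * supported or the stored key has a different type, or the error code
 * from the failing krb5_kt_default / krb5_kt_get_entry / krb5_copy_keyblock call.
 *
 * Resource handling: when the default keytab is opened here, this function
 * owns it and closes it on every exit path.  A keytab supplied by the
 * caller is never closed here.
 */
krb5_error_code
keytab_keyproc(context, type, salt, keyseed, key)
    krb5_context context;
    const krb5_keytype type;
    krb5_data * salt;
    krb5_const_pointer keyseed;
    krb5_keyblock ** key;
{
    struct keytab_keyproc_arg * arg = (struct keytab_keyproc_arg *)keyseed;
    krb5_keyblock *realkey;
    krb5_error_code retval;
    krb5_keytab kt_id;
    krb5_keytab_entry kt_ent;

    if (!valid_keytype(type))
        return KRB5_PROG_ETYPE_NOSUPP;

    kt_id = arg->keytab;
    if (kt_id == NULL) {
        /* Fetch from default keytab location; nothing to release if this fails. */
        if ((retval = krb5_kt_default(context, &kt_id)))
            return retval;
    }

    if ((retval = krb5_kt_get_entry(context, kt_id, arg->client,
                                    0, /* don't have vno available */
                                    type, &kt_ent)))
        goto cleanup;

    /*
     * kt_ent carries the stored key.  Once the copy has been attempted the
     * entry is no longer needed, so release it here rather than on each
     * individual exit path.
     */
    retval = krb5_copy_keyblock(context, &kt_ent.key, &realkey);
    (void) krb5_kt_free_entry(context, &kt_ent);
    if (retval)
        goto cleanup;

    if (realkey->keytype != type) {
        krb5_free_keyblock(context, realkey);
        retval = KRB5_PROG_ETYPE_NOSUPP;
        goto cleanup;
    }

    *key = realkey;

cleanup:
    /*
     * Close the keytab only if it was opened above (caller passed NULL).
     * This runs on the error paths too: closing only on success would
     * still leak one keytab handle per failed lookup.
     * NOTE(review): krb5_kt_close is passed the keytab handle itself, not
     * its address -- confirm against the declaration in this tree's krb5.h.
     */
    if (!arg->keytab)
        (void) krb5_kt_close(context, kt_id);
    return retval;
}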