[16759] in Kerberos-V5-bugs
[krbdev.mit.edu #9016] Memory leak in krb5_gss_inquire_cred
daemon@ATHENA.MIT.EDU (Sergio Gelato via RT)
Fri Jul 16 12:02:16 2021
From: "Sergio Gelato via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To: <20210716103117.GC13636@astro.su.se>
Message-ID: <rt-4.4.3-2-4139549-1626451318-286.9016-4-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9016":;
Content-Type: multipart/mixed; boundary="----------=_1626451318-4139549-0"
Date: Fri, 16 Jul 2021 12:01:58 -0400
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Errors-To: krb5-bugs-bounces@mit.edu
Fri Jul 16 12:01:58 2021: Request 9016 was acted upon.
Transaction: Ticket created by Sergio.Gelato@astro.su.se
Queue: krb5
Subject: Memory leak in krb5_gss_inquire_cred
Owner: Nobody
Requestors: Sergio.Gelato@astro.su.se
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9016 >
(I reported this one to Debian yesterday, #991140 there, but since you still
accept bug reports from people without a GitHub account and it seems to be
still unfixed in master, here it is directly.)
krb5_gss_inquire_cred() doesn't release the default credential on success
when called with GSS_C_NO_CREDENTIAL. Patch attached.
Content-Type: text/x-diff; charset="ascii"; name="fix-inq_cred-leak.patch"
Content-Disposition: attachment; filename="fix-inq_cred-leak.patch"
Content-Transfer-Encoding: 7bit
RT-Attachment: 9016/99434/24555
Author: Sergio Gelato <Sergio.Gelato@astro.su.se>
Date: Wed Jul 14 20:21:29 UTC 2021
Subject: Plug leak in krb5_gss_inquire_cred
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 added an assignment to
cred_handle but didn't update the cleanup code accordingly. This results
in a leak on every call with GSS_C_NO_CREDENTIAL.
We solve this by analogy with the changes to krb5_gss_init_sec_context_ext()
and to the error cleanup block of krb5_gss_inquire_cred() by the same commit.
Index: krb5-1.17/src/lib/gssapi/krb5/inq_cred.c
===================================================================
--- krb5-1.17.orig/src/lib/gssapi/krb5/inq_cred.c 2019-01-08 17:02:37.000000000 +0100
+++ krb5-1.17/src/lib/gssapi/krb5/inq_cred.c 2021-07-14 22:19:40.022773499 +0200
@@ -197,8 +197,7 @@
mechs = GSS_C_NO_OID_SET;
}
- if (cred_handle == GSS_C_NO_CREDENTIAL)
- krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
+ krb5_gss_release_cred(minor_status, &defcred);
krb5_free_context(context);
*minor_status = 0;
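Review bot: the unconditional `krb5_gss_release_cred(minor_status, &defcred);` is correct only if `defcred` is initialized to `GSS_C_NO_CREDENTIAL` at its declaration and is the handle the default-credential path actually fills in; neither is visible in this hunk, so the commit message should say where that happens (or the diff should carry the declaration as context) rather than lean on the analogy with `krb5_gss_init_sec_context_ext()`. It also relies on releasing an empty handle being a harmless no-op on the caller-supplied-credential path, where the removed code did not call release at all; worth confirming against `krb5_gss_release_cred` and stating in the message. Finally, the file header targets krb5-1.17 while the report says the leak is still present in master: note that the hunk applies unchanged there, or rebase it.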
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
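The leak pattern the commit message describes, reduced to a self-contained model (added here; this is not krb5 code and does not link against GSSAPI): a cleanup guard tests `cred_handle`, but `cred_handle` was reassigned to the freshly acquired default credential earlier in the function, so the guard never fires. The variable names `cred_handle`, `cred` and `defcred` follow the hunk; the `model_cred` type, the acquire/release counters and `leaked_by()` are constructed stand-ins for what a leak checker such as valgrind would report on the real function.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a credential object; not krb5's gss_cred_id_t. */
typedef struct model_cred { int id; } model_cred;
#define NO_CREDENTIAL ((model_cred *)NULL)

/* Counters standing in for a leak checker's allocation/free bookkeeping. */
static int creds_acquired = 0;
static int creds_released = 0;

/* A credential the caller owns and passes in explicitly (constructed). */
model_cred caller_cred = { 42 };

static model_cred *acquire_default_cred(void) {
    model_cred *c = malloc(sizeof *c);
    if (c == NULL) abort();
    c->id = ++creds_acquired;
    return c;
}

/* Releasing an empty handle is a no-op, as with GSS_C_NO_CREDENTIAL. */
static void release_cred(model_cred **handle) {
    if (*handle == NO_CREDENTIAL) return;
    free(*handle);
    *handle = NO_CREDENTIAL;
    creds_released++;
}

/* Mirrors the pre-patch cleanup: the release is guarded by cred_handle being
 * empty, but cred_handle was overwritten with the default credential above,
 * so the guard is never true and the default credential is never freed. */
int inquire_cred_buggy(model_cred *cred_handle) {
    model_cred *defcred = NO_CREDENTIAL;
    model_cred *cred;
    if (cred_handle == NO_CREDENTIAL) {
        defcred = acquire_default_cred();
        cred_handle = defcred;      /* the assignment the commit message refers to */
    }
    cred = cred_handle;
    (void)cred;                     /* ... inspect the credential here ... */
    if (cred_handle == NO_CREDENTIAL)   /* never true after the assignment above */
        release_cred(&cred);
    return 0;
}

/* Mirrors the patched cleanup: release the separately tracked default handle
 * unconditionally; it is still empty when the caller supplied a credential,
 * so the caller's own credential is never touched. */
int inquire_cred_fixed(model_cred *cred_handle) {
    model_cred *defcred = NO_CREDENTIAL;
    model_cred *cred;
    if (cred_handle == NO_CREDENTIAL) {
        defcred = acquire_default_cred();
        cred_handle = defcred;
    }
    cred = cred_handle;
    (void)cred;
    release_cred(&defcred);
    return 0;
}

/* Runs one variant with the given handle and reports credentials still
 * outstanding afterwards: 0 means no leak. */
int leaked_by(int (*fn)(model_cred *), model_cred *handle) {
    creds_acquired = 0;
    creds_released = 0;
    fn(handle);
    return creds_acquired - creds_released;
}

int main(void) {
    printf("buggy, no credential supplied : %d leaked\n",
           leaked_by(inquire_cred_buggy, NO_CREDENTIAL));
    printf("fixed, no credential supplied : %d leaked\n",
           leaked_by(inquire_cred_fixed, NO_CREDENTIAL));
    printf("buggy, caller credential      : %d leaked\n",
           leaked_by(inquire_cred_buggy, &caller_cred));
    printf("fixed, caller credential      : %d leaked\n",
           leaked_by(inquire_cred_fixed, &caller_cred));
    return 0;
}
```

The point of tracking `defcred` separately is that ownership is recorded in its own variable instead of being inferred from a handle that the function itself mutates; that is what makes the unconditional release safe on both the default-credential and the caller-supplied paths.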