[3255] in Kerberos-V5-bugs
krb5-libs/1000: All memory not being freed during error conditions in _kadm5_init_any
daemon@ATHENA.MIT.EDU (ratliff@austin.ibm.com)
Tue Oct 2 12:44:04 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, ratliff@austin.ibm.com
Message-Id: <20011002164313.B999C82C06@spiff.austin.ibm.com>
Date: Tue, 2 Oct 2001 11:43:13 -0500 (CDT)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu, ratliff@austin.ibm.com
>Number: 1000
>Category: krb5-libs
>Synopsis: All memory not being freed during error conditions in _kadm5_init_any
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct 2 12:44:00 EDT 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
IBM Linux Technology Center, Security
>Release: krb5-1.2.2
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
>Description:
The error handling code in _kadm5_init_any in client_init.c calls
free(handle) during error conditions, but the memory allocated for
handle->lhandle is not freed.
I sent this to the krbdev mailing list but it belongs here so that
it is not lost.
>How-To-Repeat:
>Fix:
diff -ur src.old/lib/kadm5/clnt/client_init.c src/lib/kadm5/clnt/client_init.c
--- src.old/lib/kadm5/clnt/client_init.c Thu Sep 13 15:38:48 2001
+++ src/lib/kadm5/clnt/client_init.c Tue Sep 18 11:59:47 2001
@@ -171,6 +171,7 @@
int code = 0;
generic_ret *r;
+ krb5_error_code kret;
initialize_ovk_error_table();
initialize_adb_error_table();
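Review bot: The new kret is declared right beside int code = 0, which already carries this function's error status and is what the later paths return. Unless the distinct type is wanted for a reason, assigning the krb5_init_context result to code would avoid a second status variable that is used in only one place.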
@@ -199,9 +200,17 @@
handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
handle->lhandle->lhandle = handle->lhandle;
- krb5_init_context(&handle->context);
+ kret = krb5_init_context(&handle->context);
+ if (kret) {
+ free(handle->lhandle);
+ free(handle);
+ return kret;
+ }
+
if(service_name == NULL || client_name == NULL) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return EINVAL;
}
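Review bot: The service_name/client_name NULL check in this hunk runs after krb5_init_context, so a caller passing NULL now has a context created only for it to be torn down again. The check reads nothing from handle, so it could move above the krb5_init_context call, leaving that path with just free(handle->lhandle) and free(handle).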
@@ -248,6 +257,8 @@
KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return KADM5_BAD_CLIENT_PARAMS;
}
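Review bot: The ILLEGAL_PARAMS exit is another hand-written copy of the krb5_free_context(handle->context); free(handle->lhandle); free(handle); sequence, and copies like this are easy to let drift out of step as fields are added. Consider one error label that performs the teardown, with each check setting code and jumping to it.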
@@ -258,6 +269,7 @@
params_in,
&handle->params))) {
krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return(code);
}
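Review bot: This failure path for the call that fills &handle->params frees the context, lhandle and handle but not handle->params, while the REQUIRED_PARAMS path in the next hunk adds kadm5_free_config_params. If the failing call can leave anything allocated in handle->params, this path still leaks; if it cannot, a short comment saying so would explain the asymmetry.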
@@ -267,7 +279,9 @@
KADM5_CONFIG_KADMIND_PORT)
if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ kadm5_free_config_params(handle->context, &handle->params);
krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
return KADM5_MISSING_CONF_PARAMS;
}
@@ -551,14 +565,18 @@
AUTH_DESTROY(handle->clnt->cl_auth);
if(handle->clnt)
clnt_destroy(handle->clnt);
+ kadm5_free_config_params(handle->context, &handle->params);
cleanup:
krb5_free_cred_contents(handle->context, &creds);
if (gss_client_creds != GSS_C_NO_CREDENTIAL)
(void) gss_release_cred(&minor_stat, &gss_client_creds);
- if (code)
+ if (code) {
+ krb5_free_context(handle->context);
+ free(handle->lhandle);
free(handle);
+ }
return code;
}
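Review bot: kadm5_free_config_params is added above the cleanup: label, so it runs only on the fall-through path after clnt_destroy; any path that reaches cleanup: directly with code set frees the context, lhandle and handle but leaves handle->params allocated. Moving the call inside the new if (code) block, ahead of krb5_free_context(handle->context), would cover both routes.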
>Audit-Trail:
>Unformatted: