[340] in Kerberos-V5-bugs
memory leak in krb5_free_cred_enc_part
daemon@ATHENA.MIT.EDU (Jim Miller)
Thu Sep 16 16:48:05 1993
From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 16 Sep 93 15:35:57 -0500
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com
This bug exists in Kerberos V5, pre-beta3, but I think a similar bug exists in
Kerberos V5, beta2.
Here's the code in f_cred_enc.c (KRB5, pre-beta3):
void
krb5_free_cred_enc_part(val)
    register krb5_cred_enc_part *val;
{
    register krb5_cred_info **temp;

    if (val->r_address)
        krb5_free_address(val->r_address);
    if (val->s_address)
        krb5_free_address(val->s_address);
    for (temp = val->ticket_info; *temp; temp++) {
        if ((*temp)->session)
            krb5_free_keyblock((*temp)->session);
        if ((*temp)->client)
            krb5_free_principal((*temp)->client);
        if ((*temp)->server)
            krb5_free_principal((*temp)->server);
        if ((*temp)->caddrs)
            krb5_free_addresses((*temp)->caddrs);
        xfree((*temp));
    }
    xfree(val);
    return;
}
The "for" loop frees the krb5_cred_info structures referenced by pointers in
the "ticket_info" array, but the "ticket_info" array itself never gets freed.
Suggested fix:
+ if (val->ticket_info) {
for (temp = val->ticket_info; *temp; temp++) {
if ((*temp)->session)
krb5_free_keyblock((*temp)->session);
if ((*temp)->client)
krb5_free_principal((*temp)->client);
if ((*temp)->server)
krb5_free_principal((*temp)->server);
if ((*temp)->caddrs)
krb5_free_addresses((*temp)->caddrs);
xfree((*temp));
}
+ xfree(val->ticket_info);
+ }
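Review bot: The `if (val->ticket_info)` guard on the first added line deserves a one-line comment, because it does more than make the new `xfree(val->ticket_info)` safe: the unguarded loop starts with `temp = val->ticket_info` and tests `*temp`, so it dereferences a NULL pointer whenever the array was never allocated. Say in the comment (and in the change description) that a NULL `ticket_info` is now tolerated, and re-indent the loop body one level under the new `if` so the nesting is visible. If the `krb5_free_cred_info` helper mentioned below the patch is written instead, the four per-field frees and `xfree((*temp))` would move there and this function would keep only the guard, the loop and the array free.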
An alternative fix would be to write a krb5_free_cred_info function.
Jim_Miller@suite.com
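The leak described in this report can be reproduced with a counting allocator. The following is an added example, not part of the original message and not code from the Kerberos sources: the struct types, xalloc/xrelease, make_part and leaked_after are simplified stand-ins invented for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the krb5 types (assumed, not the real headers). */
typedef struct { char *session; } cred_info;
typedef struct { cred_info **ticket_info; } cred_enc_part;

static long live;                       /* allocations not yet released */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live++; return p; }
static void xrelease(void *p) { if (p) { live--; free(p); } }

/* Build a structure with n tickets in a NULL-terminated pointer array. */
static cred_enc_part *make_part(int n) {
    cred_enc_part *val = xalloc(sizeof *val);
    val->ticket_info = NULL;
    if (n < 0) return val;              /* n < 0 models a NULL ticket_info */
    val->ticket_info = xalloc((n + 1) * sizeof *val->ticket_info);
    for (int i = 0; i < n; i++) {
        val->ticket_info[i] = xalloc(sizeof(cred_info));
        val->ticket_info[i]->session = xalloc(8);
    }
    val->ticket_info[n] = NULL;
    return val;
}

static void free_elems(cred_info **temp) {
    for (; *temp; temp++) { xrelease((*temp)->session); xrelease(*temp); }
}

/* Shape of the reported code: elements freed, array forgotten. */
static void free_original(cred_enc_part *val) { free_elems(val->ticket_info); xrelease(val); }

/* Shape of the suggested fix: guard, free elements, then free the array. */
static void free_fixed(cred_enc_part *val) {
    if (val->ticket_info) { free_elems(val->ticket_info); xrelease(val->ticket_info); }
    xrelease(val);
}

/* Allocations still outstanding after building and freeing n tickets.
   Only call with n < 0 when fixed is nonzero: the original shape would crash. */
long leaked_after(int n, int fixed) {
    live = 0;
    cred_enc_part *val = make_part(n);
    if (fixed) free_fixed(val); else free_original(val);
    return live;
}

int main(void) {
    printf("leaked: original %ld, fixed %ld\n", leaked_after(3, 0), leaked_after(3, 1));
    return 0;
}
```

The original shape leaves exactly one allocation outstanding per call regardless of the ticket count, which is why the leak grows with the number of credentials messages processed rather than with their size.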