[2235] in Kerberos_V5_Development
Memory allocation/freeing
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Feb 18 22:54:34 1997
Date: Tue, 18 Feb 1997 22:53:35 -0500
To: krbdev@MIT.EDU
From: "Richard Basch" <basch@lehman.com>
First, the mainline tree should be in a consistent state again. It took
a few hours to commit all the changes...

Trying to fix the memory allocation issues in the Kerberos library has
required quite a bit of restructuring... especially when we have avoided
any API changes.

A few new routines exist:

    krb5_free_data              Frees (krb5_data) allocated by krb5 lib
    krb5_free_data_contents     Frees "data" element of krb5_data
                                allocated by krb5 lib routines
                                (eg. krb5_fwd_tgt_creds)

krb5_xfree is now only defined in k5-int.h... No application should ever
call it...

I have identified one more memory allocation in the krb5 lib that needs
to have an associated "free" routine -- krb5_unparse_name allocates a
(char *) in which to place the result, if one is not already allocated.
Even worse -- it tries to realloc even if it was given a buffer, not
knowing whether the buffer even came out of its malloc pool... In this
instance, I see that we will need to adjust the API slightly. There is
also the possibility that a garbage buffer could be passed in and a NULL
dereference occurs.

I propose changing the following code fragment in krb5_unparse_name_ext:

    if (*name) {
        if (*size < (totalsize)) {
            *size = totalsize;
            *name = realloc(*name, totalsize);
        }
    } else {
        *name = malloc(totalsize);
        if (size)
            *size = totalsize;
    }

to:

    if (*name) {
        if (size) {
            if (*size < totalsize)
                return ENOSPC;
        } else {
            return EINVAL;
        }
    } else {
        *name = malloc(totalsize);
        if (size)
            *size = totalsize;
    }

This will avoid the case of a garbage pointer being passed to
krb5_unparse_name and causing a NULL dereference (*size). Also, by
returning an error if the supplied buffer is too small, we avoid trying
to realloc what might not be memory from our malloc pool.

Even so, we still need to add a free function... I propose naming it

    krb5_free_unparse_name(krb5_context, char FAR *)

Comments?

--
Richard Basch
Sr. Developer/Analyst, DSO URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 38th Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
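
The buffer-ownership contract proposed in the message above, as an added C example (not code from the original post or from the krb5 tree). The demo_* names are hypothetical, and unlike the posted fragment it also rejects NULL src/name arguments and reports malloc failure with ENOMEM.

```c
/* Added illustration: hypothetical demo_* names, not the krb5 library's code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Writes a copy of src into *name following the contract proposed above.
 * *name == NULL : library allocates; release with demo_free_unparse_name().
 * *name != NULL : caller-owned buffer; size is mandatory, never realloc'd. */
int demo_unparse_ext(const char *src, char **name, size_t *size)
{
    size_t totalsize;
    if (src == NULL || name == NULL)
        return EINVAL;
    totalsize = strlen(src) + 1;            /* include the terminating NUL */

    if (*name) {
        if (size == NULL)
            return EINVAL;                  /* buffer given without its length */
        if (*size < totalsize)
            return ENOSPC;                  /* too small: report, do not realloc */
    } else {
        *name = malloc(totalsize);
        if (*name == NULL)
            return ENOMEM;
        if (size)
            *size = totalsize;
    }
    memcpy(*name, src, totalsize);
    return 0;
}

/* Matching release routine so callers never call free() on library memory. */
void demo_free_unparse_name(char *name)
{
    free(name);
}

int main(void)
{
    char stack_buf[8];                      /* caller-owned, not from malloc */
    char *p = stack_buf, *q = NULL;
    size_t len = sizeof(stack_buf), qlen = 0;
    /* constructed sample principal, 17 bytes with NUL: does not fit in 8 */
    int rc_small = demo_unparse_ext("user@EXAMPLE.COM", &p, &len);
    int rc_alloc = demo_unparse_ext("user@EXAMPLE.COM", &q, &qlen);
    demo_free_unparse_name(q);
    return !(rc_small == ENOSPC && p == stack_buf && rc_alloc == 0);
}
```

The stack buffer case is the one the old realloc path would have corrupted: here the pointer is left untouched and the caller gets ENOSPC instead.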