rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix a memory leak when obtaining creds via keytabs

Browse Source 
- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)
This commit is contained in:
Nalin Dahyabhai 2013-02-28 15:57:44 -05:00
parent abff2e5117
commit 6fdbb463fc
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
krb5-lookup_etypes-leak.patch Normal file
View File

@ -0,0 +1,42 @@
Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
we don't free entries when we're finished examining them. Ensure that when
krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
exit the current loop iteration. (RT#7586)
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
goto cleanup;
if (!krb5_c_valid_enctype(entry.key.enctype))
- continue;
+ goto next_entry;
if (!krb5_principal_compare(context, entry.principal, client))
- continue;
+ goto next_entry;
/* Make sure our list is for the highest kvno found for client. */
if (entry.vno > max_kvno) {
free(etypes);
@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
count = 0;
max_kvno = entry.vno;
} else if (entry.vno != max_kvno)
- continue;
+ goto next_entry;
/* Leave room for the terminator and possibly a second entry. */
p = realloc(etypes, (count + 3) * sizeof(*etypes));
if (p == NULL) {
+ krb5_free_keytab_entry_contents(context, &entry);
ret = ENOMEM;
goto cleanup;
}
@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
entry.key.enctype == ENCTYPE_DES_CBC_MD4)
etypes[count++] = ENCTYPE_DES_CBC_CRC;
etypes[count] = 0;
+next_entry:
+ krb5_free_keytab_entry_contents(context, &entry);
}
ret = 0;

7
krb5.spec
View File

@ -30,7 +30,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.1
Release: 2%{?dist}
Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
Source0: krb5-%{version}.tar.gz
@ -73,6 +73,7 @@ Patch75: krb5-pkinit-debug.patch
Patch86: krb5-1.9-debuginfo.patch
Patch105: krb5-kvno-230379.patch
Patch113: krb5-1.11-alpha1-init.patch
Patch114: krb5-lookup_etypes-leak.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -282,6 +283,7 @@ ln -s NOTICE LICENSE
%patch86 -p0 -b .debuginfo
%patch105 -p1 -b .kvno
%patch113 -p1 -b .init
%patch114 -p1 -b .lookup_etypes-leak
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt
@ -793,6 +795,9 @@ exit 0
%{_sbindir}/uuserver
%changelog
* Thu Feb 28 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.1-3
- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)
* Wed Feb 27 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.1-2
- prebuild PDF docs to reduce multilib differences (internal tooling, #884065)
- drop the kerberos-iv portreserve file, and drop the rest on systemd systems