From bf081fdccdfb1bc621f58ac8fa2b0bc6a3b4ce59 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Mon, 25 Feb 2019 15:24:36 -0500
Subject: [PATCH] Fix memory leak in 'none' replay cache type

Silence a coverity warning while we're here.
---
 ...emory-leak-in-none-replay-cache-type.patch | 33 +++++++++++++++++++
 Properly-size-ifdef-in-k5_cccol_lock.patch | 33 +++++++++++++++++++
 krb5.spec | 8 ++++-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 Fix-memory-leak-in-none-replay-cache-type.patch
 create mode 100644 Properly-size-ifdef-in-k5_cccol_lock.patch

diff --git a/Fix-memory-leak-in-none-replay-cache-type.patch b/Fix-memory-leak-in-none-replay-cache-type.patch
new file mode 100644
index 0000000..c093c4a
--- /dev/null
+++ b/Fix-memory-leak-in-none-replay-cache-type.patch
@@ -0,0 +1,33 @@
+From ff79351c4755d6df7c3245274708454311c25731 Mon Sep 17 00:00:00 2001
+From: Corene Casper
+Date: Sat, 16 Feb 2019 00:49:26 -0500
+Subject: [PATCH] Fix memory leak in 'none' replay cache type
+
+Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory
+leak in the 'none' replay cache type by freeing the outer container,
+but we also need to free the mutex.
+
+[ghudson@mit.edu: wrote commit message]
+
+ticket: 8783
+tags: pullup
+target_version: 1.17-next
+target_version: 1.16-next
+
+(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17)
+---
+ src/lib/krb5/rcache/rc_none.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
+index e30aed09f..0b2274df7 100644
+--- a/src/lib/krb5/rcache/rc_none.c
++++ b/src/lib/krb5/rcache/rc_none.c
+@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
+ static krb5_error_code KRB5_CALLCONV
+ krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
+ {
++ k5_mutex_destroy(&rc->lock);
+ free (rc);
+ return 0;
+ }
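Review bot: In the rc_none.c hunk carried by Fix-memory-leak-in-none-replay-cache-type.patch, the new `k5_mutex_destroy(&rc->lock);` has to stay ahead of `free (rc);` because the lock is a member of the object being freed, and nothing in krb5_rc_none_close says so. A one-line comment such as `/* rc->lock is embedded in rc: destroy it before freeing the container. */` would keep a later cleanup from reordering the two calls into a use-after-free. Where the lock is initialized is outside the hunk, presumably in the generic replay-cache setup code; it is worth confirming that every path that creates a 'none' cache is torn down through this close function.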
diff --git a/Properly-size-ifdef-in-k5_cccol_lock.patch b/Properly-size-ifdef-in-k5_cccol_lock.patch
new file mode 100644
index 0000000..5e6bac8
--- /dev/null
+++ b/Properly-size-ifdef-in-k5_cccol_lock.patch
@@ -0,0 +1,33 @@
+From e2a0e04fb3be9297a8c532dd35a7c1045cae88f4 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Thu, 14 Feb 2019 11:50:35 -0500
+Subject: [PATCH] Properly size #ifdef in k5_cccol_lock()
+
+The cleanup code only could get executed in the USE_CCAPI_V3 case, so
+move it inside that block. Reported by Coverity.
+
+(cherry picked from commit 444a15f9cf82b9a6c1bca3f20307f82fee91c228)
+---
+ src/lib/krb5/ccache/ccbase.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
+index 8198f2b9b..2702bef69 100644
+--- a/src/lib/krb5/ccache/ccbase.c
++++ b/src/lib/krb5/ccache/ccbase.c
+@@ -511,7 +511,6 @@ krb5_cccol_lock(krb5_context context)
+ #endif
+ #ifdef USE_CCAPI_V3
+ ret = krb5_stdccv3_context_lock(context);
+-#endif
+ if (ret) {
+ k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+@@ -519,6 +518,7 @@ krb5_cccol_lock(krb5_context context)
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
+ }
++#endif
+ k5_mutex_unlock(&cc_typelist_lock);
+ return ret;
+ }
diff --git a/krb5.spec b/krb5.spec
index 5234207..0e6c34d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.17
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 5%{?dist}
+Release: 6%{?dist}
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
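Review bot: In the ccbase.c hunks carried by Properly-size-ifdef-in-k5_cccol_lock.patch, the relocated `#endif` now closes a block that holds a call, a multi-line unlock sequence and an early `return ret;`, yet it is unlabelled and sits a few lines below another bare `#endif`. Writing it as `#endif /* USE_CCAPI_V3 */` makes the scope of the error path obvious. With the macro undefined the function now has no failure path at all and `ret` keeps whatever it was initialized to outside the hunk, so that initializer is worth a glance. One line of the unlock sequence falls between the two hunks and is not shown, so this review cannot confirm that every mutex taken earlier in krb5_cccol_lock is released before the early return.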
@@ -71,6 +71,8 @@ Patch96: In-kpropd-debug-log-proper-ticket-enctype-names.patch
 Patch97: Add-function-and-enctype-flag-for-deprecations.patch
 Patch98: Make-etype-names-in-KDC-logs-human-readable.patch
 Patch99: Mark-deprecated-enctypes-when-used.patch
+Patch100: Properly-size-ifdef-in-k5_cccol_lock.patch
+Patch101: Fix-memory-leak-in-none-replay-cache-type.patch
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -710,6 +712,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 %changelog
+* Mon Feb 25 2019 Robbie Harwood - 1.17-6
+- Fix memory leak in 'none' replay cache type
+- Silence a coverity warning while we're here.
+
 * Fri Feb 01 2019 Robbie Harwood - 1.17-5
 - Update FIPS blocking for RC4