81 lines
3.8 KiB
Diff
81 lines
3.8 KiB
Diff
From 48493735e2d2091740fe784cf07a4258dfc0b512 Mon Sep 17 00:00:00 2001
|
|
From: Shaleen Bathla <shaleen.bathla@oracle.com>
|
|
Date: Wed, 10 Apr 2024 18:31:39 +0530
|
|
Subject: [PATCH] s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs
|
|
|
|
Add missing free for entry variable and its members : key and principal
|
|
Found definite memory leaks via valgrind as shown below.
|
|
|
|
Leak 1 :
|
|
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
|
|
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
|
|
==1686== by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
|
|
==1686== by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
|
|
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
|
|
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
|
|
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
|
|
==1686== by 0x127F45: process_request_send (winbindd.c:502)
|
|
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
|
|
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
|
|
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
|
|
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
|
|
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
|
|
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
|
|
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
|
|
==1686== by 0x1232F3: main (winbindd.c:1718)
|
|
|
|
Leak 2 :
|
|
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
|
|
==1686== by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
|
|
==1686== by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
|
|
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
|
|
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
|
|
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
|
|
==1686== by 0x127F45: process_request_send (winbindd.c:502)
|
|
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
|
|
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
|
|
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
|
|
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
|
|
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
|
|
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
|
|
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
|
|
==1686== by 0x1232F3: main (winbindd.c:1718)
|
|
|
|
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
|
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
|
|
|
|
Orabug: 36566309
|
|
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
|
|
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
|
|
---
|
|
source3/winbindd/winbindd_pam.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
|
|
index 6c890c8acd5..e7d64189b7e 100644
|
|
--- a/source3/winbindd/winbindd_pam.c
|
|
+++ b/source3/winbindd/winbindd_pam.c
|
|
@@ -3433,12 +3433,17 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
|
|
NULL, /* client_principal */
|
|
0, /* tgs_authtime */
|
|
p_pac_data);
|
|
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
|
|
if (NT_STATUS_IS_OK(status)) {
|
|
break;
|
|
}
|
|
- k5ret = smb_krb5_kt_free_entry(krbctx, &entry);
|
|
k5ret = krb5_kt_next_entry(krbctx, keytab, &entry, &cursor);
|
|
}
|
|
+ if (k5ret != 0 && k5ret != KRB5_KT_END) {
|
|
+ DEBUG(1, ("Failed to get next entry: %s\n",
|
|
+ error_message(k5ret)));
|
|
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
|
|
+ }
|
|
|
|
k5ret = krb5_kt_end_seq_get(krbctx, keytab, &cursor);
|
|
if (k5ret) {
|