pull up r24452, r24453, r24454 from trunk

 ------------------------------------------------------------------------
 r24454 | ghudson | 2010-10-13 13:20:36 -0400 (Wed, 13 Oct 2010) | 2 lines

 Whitespace.

 ------------------------------------------------------------------------
 r24453 | hartmans | 2010-10-12 21:19:20 -0400 (Tue, 12 Oct 2010) | 2 lines

 Adjust valgrind support to assume a modern valgrind that requires %p in log files.

 ------------------------------------------------------------------------
 r24452 | hartmans | 2010-10-12 21:19:14 -0400 (Tue, 12 Oct 2010) | 14 lines

 ticket: 6801
 target_version: 1.9
 Subject: Fix leaks in get_init_creds interface

 In Debian Bug 598032, Bastian Blank points out that there are two
 leaks in the get_init_creds interface:

 * Free ctx->request->padata after sending the KDC request so it is not
 overwritten the next time around the loop.

 * If options is NULL passed into krb5_get_init_creds_init, then set up
 a non-extended options structure so that krb5_get_init_creds_free will
 free the options.

ticket: 6801
version_fixed: 1.9

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24456 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/config/pre.in b/src/config/pre.in
index d2cad1cd023d0a85b8e785dece4e87bdbfdfaabb..8efa54913f18f03f210d8d1718ae1f4db3e3fd0d 100644 (file)
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -566,7 +566,7 @@ VALGRIND=
 # Need absolute paths here because under kshd or ftpd we may run programs
 # while in other directories.
 VALGRIND_LOGDIR = `cd $(BUILDTOP)&&pwd`
-VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg --trace-children=yes -v --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions
+VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg.%p --trace-children=yes -v --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions
 
 # Set OFFLINE=yes to disable tests that assume network connectivity.
 # (Specifically, this concerns the ability to fetch DNS data for

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 836a517f92fe54baf7b29048eeaa2678f2694327..71d1e127fdfc21e7ecbb82e35953fc7354e43f19 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -798,6 +798,7 @@ krb5_init_creds_init(krb5_context context,
     int tmp;
     char *str = NULL;
     krb5_gic_opt_ext *opte;
+    krb5_get_init_creds_opt local_opts;
 
     TRACE_INIT_CREDS(context, client);
 
@@ -822,9 +823,14 @@ krb5_init_creds_init(krb5_context context,
     ctx->start_time = start_time;
 
     if (options == NULL) {
-        code = krb5_get_init_creds_opt_alloc(context, &options);
-        if (code != 0)
-            goto cleanup;
+        /*
+         * We initialize a non-extended options because that way the shadowed
+         * flag will be sent and they will be freed when the init_creds context
+         * is freed. The options will be extended and copied off the stack into
+         * storage by opt_to_opte.
+         */
+        krb5_get_init_creds_opt_init(&local_opts);
+        options = &local_opts;
     }
 
     code = krb5int_gic_opt_to_opte(context, options,
@@ -1175,6 +1181,8 @@ init_creds_step_request(krb5_context context,
         goto cleanup;
 
 cleanup:
+    krb5_free_pa_data(context, ctx->request->padata);
+    ctx->request->padata = NULL;
     return code;
 }