Fix the calls to krb5_gss_release_cred to pass in the correct type.
authorJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 13 Jan 2005 08:19:06 +0000 (08:19 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 13 Jan 2005 08:19:06 +0000 (08:19 +0000)
   This fixes a mutex leak.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17023 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/init_sec_context.c

index 3237548d3bdc6f7b589ed8d857e7973207f0a86c..e49be6ba37b802d8ca7e47fc42ac9c9e89f087d8 100644 (file)
@@ -1,3 +1,9 @@
+2005-01-13 Jeffrey Altman <jaltman@mit.edu>
+
+        * init_sec_context.c, acquire_cred.c: fix calls to 
+          krb5_gss_release_cred() to pass in the correct type.
+          This fixes a mutex leak.
+
 2004-08-27  Tom Yu  <tlyu@mit.edu>
 
        * init_sec_context.c (make_ap_req_v1): Free checksum data
index 12d2cacc0b4595e365706cb16a747b2a406b32c7..b0f8ecc540e4b79c7fa8d12ef253beccca688705 100644 (file)
@@ -444,7 +444,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if ((cred_usage != GSS_C_INITIATE) &&
        (cred_usage != GSS_C_ACCEPT) &&
        (cred_usage != GSS_C_BOTH)) {
-      xfree(cred);
+       krb5_gss_release_cred(minor_status, &cred);
       *minor_status = (OM_uint32) G_BAD_USAGE;
       krb5_free_context(context);
       return(GSS_S_FAILURE);
@@ -458,10 +458,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
       if ((ret = acquire_accept_cred(context, minor_status, desired_name,
                                     &(cred->princ), cred))
          != GSS_S_COMPLETE) {
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-        xfree(cred);
-        /* minor_status set by acquire_accept_cred() */
+          krb5_gss_release_cred(minor_status, &cred);
+          /* minor_status set by acquire_accept_cred() */
         krb5_free_context(context);
         return(ret);
       }
@@ -477,12 +475,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
                             cred->princ?(gss_name_t)cred->princ:desired_name,
                             &(cred->princ), cred))
          != GSS_S_COMPLETE) {
-        if (cred->keytab)
-           krb5_kt_close(context, cred->keytab);
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-        xfree(cred);
-        /* minor_status set by acquire_init_cred() */
+          krb5_gss_release_cred(minor_status, &cred);
+          /* minor_status set by acquire_init_cred() */
         krb5_free_context(context);
         return(ret);
       }
@@ -492,12 +486,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if (!cred->princ && (desired_name != GSS_C_NO_CREDENTIAL))
       if ((code = krb5_copy_principal(context, (krb5_principal) desired_name,
                                      &(cred->princ)))) {
-        if (cred->ccache)
-           (void)krb5_cc_close(context, cred->ccache);
-        if (cred->keytab)
-           (void)krb5_kt_close(context, cred->keytab);
-        xfree(cred);
-        *minor_status = code;
+          krb5_gss_release_cred(minor_status, &cred);
+          *minor_status = code;
         krb5_free_context(context);
         return(GSS_S_FAILURE);
       }
@@ -513,14 +503,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
       krb5_timestamp now;
 
       if ((code = krb5_timeofday(context, &now))) {
-        if (cred->ccache)
-           (void)krb5_cc_close(context, cred->ccache);
-        if (cred->keytab)
-           (void)krb5_kt_close(context, cred->keytab);
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-        xfree(cred);
-        *minor_status = code;
+          krb5_gss_release_cred(minor_status, &cred);
+          *minor_status = code;
         krb5_free_context(context);
         return(GSS_S_FAILURE);
       }
@@ -542,13 +526,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
                                                           (gss_OID) gss_mech_krb5,
                                                           &ret_mechs)))) {
-          if (cred->ccache)
-              (void)krb5_cc_close(context, cred->ccache);
-          if (cred->keytab)
-              (void)krb5_kt_close(context, cred->keytab);
-          if (cred->princ)
-              krb5_free_principal(context, cred->princ);
-          xfree(cred);
+           krb5_gss_release_cred(minor_status, &cred);
           /* *minor_status set above */
           krb5_free_context(context);
           return(ret);
@@ -560,13 +538,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    if (! kg_save_cred_id((gss_cred_id_t) cred)) {
       free(ret_mechs->elements);
       free(ret_mechs);
-      if (cred->ccache)
-        (void)krb5_cc_close(context, cred->ccache);
-      if (cred->keytab)
-        (void)krb5_kt_close(context, cred->keytab);
-      if (cred->princ)
-        krb5_free_principal(context, cred->princ);
-      xfree(cred);
+       krb5_gss_release_cred(minor_status, &cred);
       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
       krb5_free_context(context);
       return(GSS_S_FAILURE);
index 3ffb5154d9a8645e86c2fedce38c43585f2dce26..4f4055932d7f3e4ed58bbe367224da9d77bcbb3d 100644 (file)
@@ -925,7 +925,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    if (err) {
       k5_mutex_unlock(&cred->lock);
       if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
-        krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred);
+        krb5_gss_release_cred(minor_status, (gss_cred_id_t)&cred);
       *minor_status = 0;
       if (*context_handle == GSS_C_NO_CONTEXT)
         krb5_free_context(context);
@@ -962,7 +962,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    }
 
    if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
-      krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred);
+      krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)&cred);
 
    return(major_status);
 }