Avoid memory leak of server and client principal in

krb5_get_in_tkt_with{_password,_keytab}

Ticket: 1525
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index d8b1dbae3db11922b23d288ba1167026c7bff4f4..29fdca9ce9909b8871c7db0592b34243c4292f1f 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+2003-05-27  Sam Hartman  <hartmans@mit.edu>
+
+       * gic_keytab.c (krb5_get_in_tkt_with_keytab): as below
+
+       * gic_pwd.c (krb5_get_in_tkt_with_password): Store client and
+       server principals to avoid memory leak  
+
 2003-05-24  Ken Raeburn  <raeburn@mit.edu>
 
        * conv_creds.c: New file, moved from krb524/conv_creds.c and

diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index dc8d473951130d5e5a80f9414adcbdf0add3f70e..725b76a284e3f7fb5d207cb6c05639f4955affc9 100644 (file)
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -1,3 +1,29 @@
+/*
+ * lib/krb5/krb/gic_keytab.c
+ *
+ * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
 #include "k5-int.h"
 
 static krb5_error_code
@@ -127,6 +153,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     krb5_get_init_creds_opt opt;
     char * server = NULL;
     krb5_keytab keytab;
+    krb5_principal client_princ, server_princ;
+    
     krb5int_populate_gic_opt(context, &opt,
                             options, addrs, ktypes,
                             pre_auth_types);
@@ -140,6 +168,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval)
        goto cleanup;
+    server_princ = creds->server;
+    client_princ = creds->client;
     retval = krb5_get_init_creds (context,
                                  creds, creds->client,  
                                  krb5_prompter_posix,  NULL,
@@ -150,6 +180,12 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     if (retval) {
        goto cleanup;
     }
+       if (creds->server)
+           krb5_free_principal( context, creds->server);
+       if (creds->client)
+           krb5_free_principal( context, creds->client);
+       creds->client = client_princ;
+       creds->server = server_princ;
        
     /* store it in the ccache! */
     if (ccache)

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index fb5a40973076d961b417c5bbeac62c268fdba282..aa748dbd3dc11bde3c85c821cf3e9ac672222a16 100644 (file)
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -429,6 +429,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
     char pw0array[1024];
     krb5_get_init_creds_opt opt;
     char * server;
+    krb5_principal server_princ, client_princ;
 
     pw0array[0] = '\0';
     pw0.data = pw0array;
@@ -448,6 +449,8 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval)
       return (retval);
+    server_princ = creds->server;
+    client_princ = creds->client;
         retval = krb5_get_init_creds (context,
                                           creds, creds->client,  
                                           krb5_prompter_posix,  NULL,
@@ -458,7 +461,12 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
        if (retval) {
          return (retval);
        }
-       
+       if (creds->server)
+           krb5_free_principal( context, creds->server);
+       if (creds->client)
+           krb5_free_principal( context, creds->client);
+       creds->client = client_princ;
+       creds->server = server_princ;
        /* store it in the ccache! */
        if (ccache)
          if ((retval = krb5_cc_store_cred(context, ccache, creds)))