In the kdc and lib/kadm5/logger.c, krb5_get_error_message needs to be paired
with krb5_free_error_message to release returned memory.
Essentially a memory leak was introduced for every principal requested
that did not exist in the database.
Identified by valgrind on the kdc - running kdc_hammer and specifying
more principals than are present in the db.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18072
dc483132-0cff-0310-8789-
dd5450dbe970
errout:
if (status) {
+ char * emsg = 0;
+ if (errcode)
+ emsg = krb5_get_error_message (kdc_context, errcode);
+
krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
ktypestr,
fromstring, status,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
errcode ? ", " : "",
- errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+ errcode ? emsg : "");
+ if (errcode)
+ krb5_free_error_message (kdc_context, emsg);
}
if (errcode) {
- if (status == 0)
+ int got_err = 0;
+ if (status == 0) {
status = krb5_get_error_message (kdc_context, errcode);
+ got_err = 1;
+ }
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
errcode = prepare_error_as(request, errcode, &e_data, response,
status);
+ if (got_err) {
+ krb5_free_error_message (kdc_context, status);
+ status = 0;
+ }
}
if (encrypting_key.contents)
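Review bot: The new `krb5_free_error_message (kdc_context, status)` after `prepare_error_as(...)` is only safe if that function copies the text into the response rather than keeping the pointer. Its body is outside this hunk, so that cannot be confirmed from here. Ownership of `status` is now conditional (a borrowed string in most paths, heap-allocated when `got_err` is set) and nothing in the block says so. I would add a comment at the `got_err` declaration such as `/* set when status holds a krb5_get_error_message() string that we must free after the reply is built */`. The TGS_REQ hunk repeats the pattern around `prepare_error_tgs(...)` and deserves the same comment and the same check. The enclosing function starts and ends outside the hunk.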
sname ? sname : "<unknown server>",
enc_tkt_reply.transited.tr_contents.length,
enc_tkt_reply.transited.tr_contents.data);
- else
+ else {
+ char *emsg = krb5_get_error_message(kdc_context, errcode);
krb5_klog_syslog (LOG_ERR,
"unexpected error checking transit from '%s' to '%s' via '%.*s': %s",
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
enc_tkt_reply.transited.tr_contents.length,
enc_tkt_reply.transited.tr_contents.data,
- krb5_get_error_message(kdc_context, errcode));
+ emsg);
+ krb5_free_error_message(kdc_context, emsg);
+ }
} else
krb5_klog_syslog (LOG_INFO, "not checking transit path");
if (reject_bad_transit
if (status) {
if (!errcode)
rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ char * emsg = NULL;
+ if(errcode)
+ emsg = krb5_get_error_message (kdc_context, errcode);
krb5_klog_syslog(LOG_INFO,
"TGS_REQ (%s) %s: %s: authtime %d, "
"%s%s %s for %s%s%s",
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
errcode ? ", " : "",
- errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+ errcode ? emsg : "");
+ if(errcode)
+ krb5_free_error_message (kdc_context, emsg);
}
if (errcode) {
- if (status == 0)
+ int got_err = 0;
+ if (status == 0) {
status = krb5_get_error_message (kdc_context, errcode);
+ got_err = 1;
+ }
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
retval = prepare_error_tgs(request, header_ticket, errcode,
fromstring, response, status);
+ if (got_err) {
+ krb5_free_error_message (kdc_context, status);
+ status = 0;
+ }
}
if (header_ticket)
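Review bot: `char * emsg = NULL;` is declared after the `if (!errcode) rep_etypes2str(...)` statement inside the `if (status)` block, so it is a mixed declaration that only compiles as C99 or later. The AS_REQ hunk places the equivalent declaration at the top of its block. If this tree is still expected to build with C89 compilers, move the declaration so it directly follows `if (status) {`. The enclosing function starts outside the hunk.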
retval = pa_sys->verify_padata(context, client, request,
enc_tkt_reply, *padata);
if (retval) {
+ char * emsg = krb5_get_error_message (context, retval);
krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
- pa_sys->name,
- krb5_get_error_message (context, retval));
+ pa_sys->name, emsg);
+ krb5_free_error_message (context, emsg);
if (pa_sys->flags & PA_REQUIRED) {
pa_ok = 0;
break;
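Review bot: `char * emsg` drops the const qualifier if krb5_get_error_message returns `const char *`; its prototype is not visible on this page, so please confirm. Declaring it as `const char *emsg = krb5_get_error_message (context, retval);` avoids a discarded-qualifier warning and lets the compiler reject accidental writes to the library-owned message before it is freed. The same `char *` declaration appears in the AS_REQ, transit-check, TGS_REQ, "no valid preauth type found" and logger hunks. The enclosing loop continues outside the hunk.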
return 0;
if (!pa_found) {
- krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s",
- krb5_get_error_message(context, retval));
+ char *emsg = krb5_get_error_message(context, retval);
+ krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", emsg);
+ krb5_free_error_message(context, emsg);
}
/* The following switch statement allows us
* to return some preauth system errors back to the client.
/* If reporting an error message, separate it. */
if (code) {
+ char *emsg;
outbuf[sizeof(outbuf) - 1] = '\0';
- strncat(outbuf, krb5_get_error_message (err_context, code), sizeof(outbuf) - 1 - strlen(outbuf));
+ emsg = krb5_get_error_message (err_context, code);
+ strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
+ krb5_free_error_message(err_context, emsg);
}
cp = &outbuf[strlen(outbuf)];