Memory leaks in ccache due to thread integration
authorEzra Peisach <epeisach@mit.edu>
Sat, 25 Dec 2004 15:29:39 +0000 (15:29 +0000)
committerEzra Peisach <epeisach@mit.edu>
Sat, 25 Dec 2004 15:29:39 +0000 (15:29 +0000)
* cc_file.c (krb5_fcc_close): Free the cache id.
(dereference): When removing fcc_set entry from list, free the
pointer as well.

The first was accidently dropped in the dereference code writing.
The cache id pointer is never freed.

The second error is the removal of the krb5_fcc_data from the linked list.
The fcc_set is removed from the chain, but the memory for the removed fcc_set
is never freed.

ticket:new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16981 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/ChangeLog
src/lib/krb5/ccache/cc_file.c

index 05e041c8bea74fa1e435ce8eaaa5b7dc70c2dc9f..d19ccb725a2fbde3b345e6a3d002666e484f8e7d 100644 (file)
@@ -1,3 +1,9 @@
+2004-12-25  Ezra Peisach  <epeisach@mit.edu>
+
+       * cc_file.c (krb5_fcc_close): Free the cache id.
+       (dereference): When removing fcc_set entry from list, free the
+       pointer as well.
+
 2004-12-16  Jeffrey Altman <jaltman@mit.edu>
         * cc_mslsa.c:
           Temporarily deactivate support for KerbSubmitTicketMessage   
index 14e59a1469a6deea7b421dea47dcc3b42a2ca208..1eadab688103123a978bfd94b0f38c4c0272efb9 100644 (file)
@@ -1486,8 +1486,11 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
     assert(*fccsp != NULL);
     (*fccsp)->refcount--;
     if ((*fccsp)->refcount == 0) {
+        struct fcc_set *temp;
        data = (*fccsp)->data;
+       temp = *fccsp;
        *fccsp = (*fccsp)->next;
+       free(temp);
        k5_mutex_unlock(&krb5int_cc_file_mutex);
        free(data->filename);
        zap(data->buf, sizeof(data->buf));
@@ -1517,6 +1520,7 @@ static krb5_error_code KRB5_CALLCONV
 krb5_fcc_close(krb5_context context, krb5_ccache id)
 {
      dereference(context, (krb5_fcc_data *) id->data);
+     krb5_xfree(id);
      return KRB5_OK;
 }