krb5_fcc_resolve file locking error on malloc failuer

In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault.

Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.

[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 42e9ba0f6b88c36ace6a2677bdb4837f96482bcc..0fe099c45752698faae9a5202e3ab18db2bb9f00 100644 (file)
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1734,6 +1734,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
         setptr = malloc(sizeof(struct fcc_set));
         if (setptr == NULL) {
             k5_mutex_unlock(&krb5int_cc_file_mutex);
+            k5_mutex_unlock(&data->lock);
             k5_mutex_destroy(&data->lock);
             free(data->filename);
             free(data);
@@ -1984,7 +1985,6 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
          free(data);
          close(ret);
          unlink(scratch);
-         k5_mutex_unlock(&krb5int_cc_file_mutex);
          return KRB5_CC_NOMEM;
      }
 
@@ -2056,6 +2056,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
      setptr = malloc(sizeof(struct fcc_set));
      if (setptr == NULL) {
        k5_mutex_unlock(&krb5int_cc_file_mutex);
+       k5_mutex_unlock(&data->lock);
        k5_mutex_destroy(&data->lock);
        free(data->filename);
        free(data);