From: Ken Raeburn Date: Fri, 27 Jun 2008 02:47:06 +0000 (+0000) Subject: misc memory leaks X-Git-Tag: krb5-1.7-alpha1~628 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b7d9d8b3c76441c4c54d6673fa2f4077473e6a36;p=krb5.git misc memory leaks Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 0b263d0dc..ae25eb41c 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -57,7 +57,7 @@ krb5_error_code process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, krb5_data **response) { - krb5_keyblock * subkey; + krb5_keyblock * subkey = 0; krb5_kdc_req *request = 0; krb5_db_entry server; krb5_kdc_rep reply; @@ -99,8 +99,10 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, /* * setup_server_realm() sets up the global realm-specific data pointer. */ - if ((retval = setup_server_realm(request->server))) + if ((retval = setup_server_realm(request->server))) { + krb5_free_kdc_req(kdc_context, request); return retval; + } fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), from->address->contents, @@ -711,7 +713,9 @@ cleanup: if (session_key.contents) krb5_free_keyblock_contents(kdc_context, &session_key); if (newtransited) - free(enc_tkt_reply.transited.tr_contents.data); + free(enc_tkt_reply.transited.tr_contents.data); + if (subkey) + krb5_free_keyblock(kdc_context, subkey); return retval; } @@ -833,6 +837,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, "TGS_REQ: issuing TGT %s", sname); free(sname); } + krb5_free_realm_tree(kdc_context, plist); return; } krb5_db_free_principal(kdc_context, server, *nprincs); diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 869eb1896..4b2ce474e 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1,7 +1,7 @@ /* * kdc/kdc_util.c * - * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -418,6 +418,10 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_keyblock, server_key, *key, NULL); + if (retval) { + free(*key); + *key = NULL; + } } else retval = ENOMEM; errout: diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 4557194fa..edd3319e8 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -159,8 +159,10 @@ make_seal_token_v1 (krb5_context context, } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); - if (code) + if (code) { + xfree(t); return(code); + } md5cksum.length = sumlen; diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c index c1af72616..c7236b7b5 100644 --- a/src/lib/krb5/krb/bld_pr_ext.c +++ b/src/lib/krb5/krb/bld_pr_ext.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/bld_pr_ext.c * - * Copyright 1991 by the Massachusetts Institute of Technology. + * Copyright 1991, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -39,7 +39,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ, register int i, count = 0; register unsigned int size; register char *next; - char *tmpdata; + char *tmpdata = 0; krb5_data *princ_data; krb5_principal princ_ret; @@ -97,6 +97,7 @@ free_out: krb5_xfree(princ_data[i].data); krb5_xfree(princ_data); krb5_xfree(princ_ret); + krb5_xfree(tmpdata); va_end(ap); return ENOMEM; } diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index b3e94f4c6..38c338317 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/get_creds.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -207,8 +207,12 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options, retval = 255; break; } - if (retval) return retval; + /* + * Callers to krb5_get_cred_blah... must free up tgts even in + * error cases. + */ if (tgts) krb5_free_tgt_creds(context, tgts); + if (retval) return retval; retval = krb5_cc_get_principal(context, ccache, &tmp); if (retval) return retval; diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 8f4f57a13..a993870ce 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1059,13 +1059,15 @@ krb5_get_init_creds(krb5_context context, /* stuff the client realm into the server principal. realloc if necessary */ - if (request.server->realm.length < request.client->realm.length) - if ((request.server->realm.data = - (char *) realloc(request.server->realm.data, - request.client->realm.length)) == NULL) { + if (request.server->realm.length < request.client->realm.length) { + char *p = realloc(request.server->realm.data, + request.client->realm.length); + if (p == NULL) { ret = ENOMEM; goto cleanup; } + request.server->realm.data = p; + } request.server->realm.length = request.client->realm.length; memcpy(request.server->realm.data, request.client->realm.data, diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index e29557066..3ebbb908d 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -359,8 +359,10 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst if ((old_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (count + 1))) == - (krb5_enctype *) NULL) + (krb5_enctype *) NULL) { + profile_release_string(retval); return ENOMEM; + } sp = retval; j = 0; diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index d04b85cdb..6e6dadc57 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -1,7 +1,7 @@ /* * lib/krb5/os/an_to_ln.c * - * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -438,7 +438,7 @@ aname_replacer(char *string, char **contextp, char **result) memset(out, '\0', MAX_FORMAT_BUFFER); if (!do_replacement(rule, repl, doglobal, in, out)) { free(rule); - free(repl); + free(repl); kret = KRB5_LNAME_NOTRANS; break; } @@ -453,6 +453,7 @@ aname_replacer(char *string, char **contextp, char **result) } else { /* No memory for copies */ + free(rule); kret = ENOMEM; break; } diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c index d11c5e267..1debd4d69 100644 --- a/src/lib/rpc/auth_gss.c +++ b/src/lib/rpc/auth_gss.c @@ -186,6 +186,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec) rpc_createerr.cf_stat = RPC_SYSTEMERROR; rpc_createerr.cf_error.re_errno = ENOMEM; free(auth); + free(gd); return (NULL); } } diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c index e338cbbd0..04cc48970 100644 --- a/src/plugins/kdb/db2/adb_policy.c +++ b/src/plugins/kdb/db2/adb_policy.c @@ -358,6 +358,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func, if(!xdr_osa_policy_ent_rec(&xdrs, entry)) { xdr_destroy(&xdrs); free(aligned_data); + osa_free_policy_ent(entry); ret = OSA_ADB_FAILURE; goto error; }