From 600b43b384f707a976646e2a3467e7def3e79acf Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Thu, 9 Jul 2009 01:54:50 +0000 Subject: [PATCH] pull up r20482, r20481 from trunk ------------------------------------------------------------------------ r20482 | raeburn | 2008-06-26 22:51:09 -0400 (Thu, 26 Jun 2008) | 5 lines ticket: 5997 Memory leak, and possible freed-memory dereference, in an error (small allocation failure) path. ------------------------------------------------------------------------ r20481 | raeburn | 2008-06-26 22:47:06 -0400 (Thu, 26 Jun 2008) | 9 lines ticket: new target_version: 1.6.4 subject: misc memory leaks tags: pullup Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: 5997 status: resolved version_fixed: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22426 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/do_tgs_req.c | 11 ++++++++--- src/kdc/kdc_util.c | 6 +++++- src/lib/gssapi/krb5/k5seal.c | 4 +++- src/lib/krb5/krb/bld_pr_ext.c | 5 +++-- src/lib/krb5/krb/get_creds.c | 8 ++++++-- src/lib/krb5/krb/get_in_tkt.c | 10 ++++++---- src/lib/krb5/krb/gic_opt.c | 2 +- src/lib/krb5/krb/init_ctx.c | 4 +++- src/lib/krb5/os/an_to_ln.c | 5 +++-- src/lib/rpc/auth_gss.c | 1 + src/plugins/kdb/db2/adb_policy.c | 1 + 11 files changed, 40 insertions(+), 17 deletions(-) diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 8e960cb04..a15898ad7 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -57,7 +57,7 @@ krb5_error_code process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, krb5_data **response) { - krb5_keyblock * subkey; + krb5_keyblock * subkey = 0; krb5_kdc_req *request = 0; krb5_db_entry server; krb5_kdc_rep reply; 
@@ -99,8 +99,10 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, /* * setup_server_realm() sets up the global realm-specific data pointer. */ - if ((retval = setup_server_realm(request->server))) + if ((retval = setup_server_realm(request->server))) { + krb5_free_kdc_req(kdc_context, request); return retval; + } fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), from->address->contents, @@ -712,7 +714,9 @@ cleanup: if (session_key.contents) krb5_free_keyblock_contents(kdc_context, &session_key); if (newtransited) - free(enc_tkt_reply.transited.tr_contents.data); + free(enc_tkt_reply.transited.tr_contents.data); + if (subkey) + krb5_free_keyblock(kdc_context, subkey); return retval; } @@ -834,6 +838,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, "TGS_REQ: issuing TGT %s", sname); free(sname); } + krb5_free_realm_tree(kdc_context, plist); return; } krb5_db_free_principal(kdc_context, server, *nprincs); diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index aeabc5c65..8f5f6ec68 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1,7 +1,7 @@ /* * kdc/kdc_util.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -425,6 +425,10 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_keyblock, server_key, *key, NULL); + if (retval) { + free(*key); + *key = NULL; + } } else retval = ENOMEM; errout: diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 7a904d065..ea971d45b 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c 
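Review bot: The new `if (subkey) krb5_free_keyblock(kdc_context, subkey);` at the `cleanup:` label of process_tgs_req assumes this function is the sole owner of the keyblock, but neither this hunk nor the `subkey = 0` hunk shows where the pointer is assigned. If it were also reachable from another object released in the same cleanup path, this would become a double free in the KDC. Once ownership is confirmed against the assigning call, record it next to the free, for example `/* subkey is our own copy; nothing else in cleanup releases it */`. The function body starts and ends outside the hunk.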
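Review bot: In kdc_get_server_key the new failure branch releases the keyblock with plain `free(*key)`, which frees only the struct and neither clears nor frees `(*key)->contents`. Whether krb5_dbekd_decrypt_key_data can return an error after it has allocated or filled the contents is not visible here; if it can, decrypted key bytes are left on the heap un-zeroed and leaked. Either confirm that the callee cleans up on every error return and say so in a comment (`/* decrypt_key_data leaves no contents behind on failure */`), or zero the struct after allocation and release it with `krb5_free_keyblock(kdc_context, *key);`. The function continues outside the hunk.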
@@ -159,8 +159,10 @@ make_seal_token_v1 (krb5_context context, } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); - if (code) + if (code) { + xfree(t); return(code); + } md5cksum.length = sumlen; diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c index c1af72616..c7236b7b5 100644 --- a/src/lib/krb5/krb/bld_pr_ext.c +++ b/src/lib/krb5/krb/bld_pr_ext.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/bld_pr_ext.c * - * Copyright 1991 by the Massachusetts Institute of Technology. + * Copyright 1991, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -39,7 +39,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ, register int i, count = 0; register unsigned int size; register char *next; - char *tmpdata; + char *tmpdata = 0; krb5_data *princ_data; krb5_principal princ_ret; @@ -97,6 +97,7 @@ free_out: krb5_xfree(princ_data[i].data); krb5_xfree(princ_data); krb5_xfree(princ_ret); + krb5_xfree(tmpdata); va_end(ap); return ENOMEM; } diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index b3e94f4c6..38c338317 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/get_creds.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -207,8 +207,12 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options, retval = 255; break; } - if (retval) return retval; + /* + * Callers to krb5_get_cred_blah... must free up tgts even in + * error cases. + */ if (tgts) krb5_free_tgt_creds(context, tgts); + if (retval) return retval; retval = krb5_cc_get_principal(context, ccache, &tmp); if (retval) return retval; 
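Review bot: With `if (retval) return retval;` moved below the free in krb5_get_credentials_val_renew_core, `tgts` is now read on every error path, including the `retval = 255` branch, where the visible lines assign nothing to it. The declaration is outside the hunk, so confirm it is initialised (`krb5_creds **tgts = 0;` or equivalent); otherwise an indeterminate pointer is tested and passed to krb5_free_tgt_creds. The added comment would also read better if it named the calls instead of "krb5_get_cred_blah...", e.g. `/* The credential-fetching calls above may hand back TGTs even on failure; free them before returning. */`.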
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index a4bd64f26..d54d893e6 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -997,13 +997,15 @@ krb5_get_init_creds(krb5_context context, /* stuff the client realm into the server principal. realloc if necessary */ - if (request.server->realm.length < request.client->realm.length) - if ((request.server->realm.data = - (char *) realloc(request.server->realm.data, - request.client->realm.length)) == NULL) { + if (request.server->realm.length < request.client->realm.length) { + char *p = realloc(request.server->realm.data, + request.client->realm.length); + if (p == NULL) { ret = ENOMEM; goto cleanup; } + request.server->realm.data = p; + } request.server->realm.length = request.client->realm.length; memcpy(request.server->realm.data, request.client->realm.data, diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c index 227391ae4..ab73d2c8e 100644 --- a/src/lib/krb5/krb/gic_opt.c +++ b/src/lib/krb5/krb/gic_opt.c @@ -306,6 +306,7 @@ add_gic_opt_ext_preauth_data(krb5_context context, newpad = realloc(opte->opt_private->preauth_data, newsize); if (newpad == NULL) return ENOMEM; + opte->opt_private->preauth_data = newpad; i = opte->opt_private->num_preauth_data; newpad[i].attr = strdup(attr); @@ -317,7 +318,6 @@ add_gic_opt_ext_preauth_data(krb5_context context, return ENOMEM; } opte->opt_private->num_preauth_data += 1; - opte->opt_private->preauth_data = newpad; return 0; } diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index b80fd50fa..174d819de 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -360,8 +360,10 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst if ((old_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (count + 1))) == - (krb5_enctype *) NULL) + (krb5_enctype *) NULL) { + profile_release_string(retval); return ENOMEM; + } sp = retval; j = 0; 
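Review bot: The reason `opte->opt_private->preauth_data = newpad;` now has to sit directly after the realloc check in add_gic_opt_ext_preauth_data is not recorded, and the ordering is easy to undo in a later tidy-up. realloc may have moved the array, so on the later `return ENOMEM` path the old pointer kept in `opt_private` would be stale and any subsequent use or free of it would touch freed memory. A one-line comment such as `/* realloc may move the array: store the new pointer before any early return */` would keep the assignment where it is. The second hunk in this file only removes the old, late assignment.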
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index 73465d66c..8b719db87 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -1,7 +1,7 @@ /* * lib/krb5/os/an_to_ln.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -438,7 +438,7 @@ aname_replacer(char *string, char **contextp, char **result) memset(out, '\0', MAX_FORMAT_BUFFER); if (!do_replacement(rule, repl, doglobal, in, out)) { free(rule); - free(repl); + free(repl); kret = KRB5_LNAME_NOTRANS; break; } @@ -453,6 +453,7 @@ aname_replacer(char *string, char **contextp, char **result) } else { /* No memory for copies */ + free(rule); kret = ENOMEM; break; } diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c index d11c5e267..1debd4d69 100644 --- a/src/lib/rpc/auth_gss.c +++ b/src/lib/rpc/auth_gss.c @@ -186,6 +186,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec) rpc_createerr.cf_stat = RPC_SYSTEMERROR; rpc_createerr.cf_error.re_errno = ENOMEM; free(auth); + free(gd); return (NULL); } } diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c index e338cbbd0..04cc48970 100644 --- a/src/plugins/kdb/db2/adb_policy.c +++ b/src/plugins/kdb/db2/adb_policy.c @@ -358,6 +358,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func, if(!xdr_osa_policy_ent_rec(&xdrs, entry)) { xdr_destroy(&xdrs); free(aligned_data); + osa_free_policy_ent(entry); ret = OSA_ADB_FAILURE; goto error; } -- 2.26.2
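Review bot: The added `free(rule);` in the "No memory for copies" branch of aname_replacer releases only one of the two buffers, while the do_replacement failure branch in the previous hunk frees both `rule` and `repl`. The condition guarding this else is outside the hunk; if both allocations are attempted before it is tested, `repl` can be non-NULL here and still leaks, and `free(repl);` belongs next to the new line. If instead the allocations are short-circuited so `repl` is never assigned when this branch runs, a short comment saying so would explain the asymmetry.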
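Review bot: The new `osa_free_policy_ent(entry);` in osa_adb_iter_policy runs on a record that xdr_osa_policy_ent_rec has just failed to decode, so `entry` may be only partly filled when it is freed. That is safe only if the struct was zeroed before decoding, so that any pointer member the decoder did not reach is NULL; the allocation is outside the hunk, so confirm it. A truncated or corrupt record in the policy database is exactly the input that reaches this branch, so a comment such as `/* entry was zeroed before decode, so a partial record is safe to free */` is worth adding once verified.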