From ba8ceb5137aa50310e8d8886aa18c2049bbf977d Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 27 May 2003 20:02:50 +0000 Subject: [PATCH] Avoid memory leak of server and client principal in krb5_get_in_tkt_with{_password,_keytab} Ticket: 1525 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 7 +++++++ src/lib/krb5/krb/gic_keytab.c | 36 +++++++++++++++++++++++++++++++++++ src/lib/krb5/krb/gic_pwd.c | 10 +++++++++- 3 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index d8b1dbae3..29fdca9ce 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2003-05-27 Sam Hartman + + * gic_keytab.c (krb5_get_in_tkt_with_keytab): as below + + * gic_pwd.c (krb5_get_in_tkt_with_password): Store client and + server principals to avoid memory leak + 2003-05-24 Ken Raeburn * conv_creds.c: New file, moved from krb524/conv_creds.c and diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index dc8d47395..725b76a28 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -1,3 +1,29 @@ +/* + * lib/krb5/krb/gic_keytab.c + * + * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + #include "k5-int.h" static krb5_error_code @@ -127,6 +153,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_get_init_creds_opt opt; char * server = NULL; krb5_keytab keytab; + krb5_principal client_princ, server_princ; + krb5int_populate_gic_opt(context, &opt, options, addrs, ktypes, pre_auth_types); @@ -140,6 +168,8 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, retval = krb5_unparse_name( context, creds->server, &server); if (retval) goto cleanup; + server_princ = creds->server; + client_princ = creds->client; retval = krb5_get_init_creds (context, creds, creds->client, krb5_prompter_posix, NULL, @@ -150,6 +180,12 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, if (retval) { goto cleanup; } + if (creds->server) + krb5_free_principal( context, creds->server); + if (creds->client) + krb5_free_principal( context, creds->client); + creds->client = client_princ; + creds->server = server_princ; /* store it in the ccache! */ if (ccache) diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index fb5a40973..aa748dbd3 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -429,6 +429,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, char pw0array[1024]; krb5_get_init_creds_opt opt; char * server; + krb5_principal server_princ, client_princ; pw0array[0] = '\0'; pw0.data = pw0array; @@ -448,6 +449,8 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, retval = krb5_unparse_name( context, creds->server, &server); if (retval) return (retval); + server_princ = creds->server; + client_princ = creds->client; retval = krb5_get_init_creds (context, creds, creds->client, krb5_prompter_posix, NULL, @@ -458,7 +461,12 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, if (retval) { return (retval); } - + if (creds->server) + krb5_free_principal( context, creds->server); + if (creds->client) + krb5_free_principal( context, creds->client); + creds->client = client_princ; + creds->server = server_princ; /* store it in the ccache! */ if (ccache) if ((retval = krb5_cc_store_cred(context, ccache, creds))) -- 2.26.2