From f4c8a41e68aa417d6ab95a41333507cf34f3f89c Mon Sep 17 00:00:00 2001
From: Ezra Peisach
Date: Thu, 14 Aug 2008 04:44:44 +0000
Subject: [PATCH] krb5_fcc_resolve file locking error on malloc failuer

In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault. Also - in krb5_fcc_generate_new, a strdup failure would result in the krb5int_cc_file_mutex being unlocked twice. [I have a modified version of valgrind in which I can signal after a certain number of mallocs for it to fail - I vary the allocation number from 1300 to 0 - and see what breaks - some memory leaks will be fixed separately]
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/ccache/cc_file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 42e9ba0f6..0fe099c45 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1734,6 +1734,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 setptr = malloc(sizeof(struct fcc_set));
 if (setptr == NULL) {
 k5_mutex_unlock(&krb5int_cc_file_mutex);
+ k5_mutex_unlock(&data->lock);
 k5_mutex_destroy(&data->lock);
 free(data->filename);
 free(data);
@@ -1984,7 +1985,6 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
 free(data);
 close(ret);
 unlink(scratch);
- k5_mutex_unlock(&krb5int_cc_file_mutex);
 return KRB5_CC_NOMEM;
 }
 
@@ -2056,6 +2056,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
 setptr = malloc(sizeof(struct fcc_set));
 if (setptr == NULL) {
 k5_mutex_unlock(&krb5int_cc_file_mutex);
+ k5_mutex_unlock(&data->lock);
 k5_mutex_destroy(&data->lock);
 free(data->filename);
 free(data);
-- 
2.26.2
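Review bot: The setptr malloc-failure branch in krb5_fcc_resolve repeats, call for call, the cleanup in krb5_fcc_generate_new (third hunk), which is why the missing `k5_mutex_unlock(&data->lock);` had to be added in two places. Moving that sequence into one static helper, or one cleanup label per function, would leave the unlock-before-destroy order written once. A comment above the added line would keep the reason next to the code, for example `/* data->lock is still held on this path; release it before k5_mutex_destroy() */`. Both functions begin and end outside the hunks, so the point where data->lock is taken is not visible here.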