Your message dated Fri, 02 Dec 2005 18:36:49 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#244602: libkrb53: memory leak in libkrb5.so.3.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: fumihiko kakuma <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libkrb53: memory leak in libkrb5.so.3.2
X-Mailer: reportbug 1.50
Date: Mon, 19 Apr 2004 12:25:05 +0900
Package: libkrb53
Version: 1.3.2-1
Severity: normal
Tags: patch
I found a memory leak in Kerberos 1.3.2 while I was
checking winbindd in Samba.
We can see the memory leak in the following source file:
lib/krb5/krb/gc_frm_kdc.c
I think krb5_get_cred_from_kdc_opt() in this program
will not free the area linked to the struct tgt in some cases.
These can be seen at the following lines.
In the normal case handled on lines 313, 318, 357 and 366, the local tgt
and the last tgt returned from krb5_cc_retrieve_cred() may not be freed.
I made the following patch.
===================================================================
diff -urN krb5-1.3.2.orig/src/lib/krb5/krb/gc_frm_kdc.c
krb5-1.3.2/src/lib/krb5/krb/gc_frm_kdc.c
--- krb5-1.3.2.orig/src/lib/krb5/krb/gc_frm_kdc.c Thu May 15 03:16:29 2003
+++ krb5-1.3.2/src/lib/krb5/krb/gc_frm_kdc.c Tue Mar 30 11:43:34 2004
@@ -62,6 +62,10 @@
#define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK)
+#define TGT_FREE_FLG_INIT 0
+#define TGT_FREE_FLG_FREE_Y 1
+#define TGT_FREE_FLG_FREE_N 2
+
static krb5_error_code
krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
krb5_creds *in_cred, krb5_creds **out_cred, krb5_creds ***tgts, int kdcopt)
{
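Review bot: the three TGT_FREE_FLG_* values added above krb5_get_cred_from_kdc_opt() carry no comment, and every test in the rest of the patch is `tgt_free_flg == TGT_FREE_FLG_FREE_Y`, so TGT_FREE_FLG_INIT and TGT_FREE_FLG_FREE_N are never told apart. Either collapse the flag to a krb5_boolean meaning "tgt owns its contents", or add a comment stating what each state means for who is responsible for freeing tgt.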
@@ -69,6 +73,7 @@
int ntgts = 0;
krb5_creds tgt, tgtq, *tgtr = NULL;
+ krb5_creds tgt_tmp_save;
krb5_error_code retval;
krb5_principal int_server = NULL; /* Intermediate server for request */
@@ -77,6 +82,7 @@
krb5_principal *next_server = NULL;
unsigned int nservers = 0;
krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes;
+ int tgt_free_flg = TGT_FREE_FLG_INIT;
/* in case we never get a TGT, zero the return */
@@ -84,6 +90,7 @@
memset((char *)&tgtq, 0, sizeof(tgtq));
memset((char *)&tgt, 0, sizeof(tgt));
+ memset((char *)&tgt_tmp_save, 0, sizeof(tgt_tmp_save));
/*
* we know that the desired credentials aren't in the cache yet.
@@ -157,6 +164,7 @@
&tgtq, &tgt))) {
goto cleanup;
}
+ tgt_free_flg = TGT_FREE_FLG_FREE_Y;
/* get a list of realms to consult */
@@ -215,6 +223,7 @@
if ((retval = krb5_copy_principal(context, int_server, &tgtq.server)))
goto cleanup;
+ tgt_tmp_save = tgt;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
KRB5_TC_MATCH_SRV_NAMEONLY |
KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
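Review bot: `tgt_tmp_save = tgt;` ahead of krb5_cc_retrieve_cred() is a shallow struct copy, so until the call overwrites tgt both variables point at the same allocations. Please add a comment saying which of the two owns the contents at this point, and check the failure branch of this call (its body is not shown in the hunk) so that a `goto cleanup` cannot release the same contents through both tgt and tgt_tmp_save. The identical assignment in the next hunk needs the same treatment.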
@@ -274,6 +283,7 @@
&tgtq.server)))
goto cleanup;
+ tgt_tmp_save = tgt;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
KRB5_TC_MATCH_SRV_NAMEONLY |
KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
@@ -314,7 +324,16 @@
krb5_free_creds(context, tgtr);
tgtr = NULL;
+ if(tgt_free_flg == TGT_FREE_FLG_FREE_Y) {
+ krb5_free_cred_contents(context, &tgt);
+ tgt_free_flg = TGT_FREE_FLG_FREE_N;
+ }
tgt = *ret_tgts[ntgts++];
+ } else {
+ if(tgt_free_flg == TGT_FREE_FLG_FREE_Y)
+ krb5_free_cred_contents(context, &tgt_tmp_save);
+ else
+ tgt_free_flg = TGT_FREE_FLG_FREE_Y;
}
/* got one as close as possible, now start all over */
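Review bot: in the new else branch, `krb5_free_cred_contents(context, &tgt_tmp_save);` leaves tgt_tmp_save holding the pointers it just released unless that function clears the fields itself. I would follow the free with the same memset used at initialisation, so a stale copy can never be freed a second time on a later pass. Minor style point: the added `if(` lacks the space used by the surrounding `if (`.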
@@ -358,11 +377,20 @@
krb5_free_creds(context, tgtr);
tgtr = NULL;
+ if(tgt_free_flg == TGT_FREE_FLG_FREE_Y) {
+ krb5_free_cred_contents(context, &tgt);
+ tgt_free_flg = TGT_FREE_FLG_FREE_N;
+ }
tgt = *ret_tgts[ntgts++];
/* we're done if it is the target */
if (!*next_server++) break;
+ } else {
+ if(tgt_free_flg == TGT_FREE_FLG_FREE_Y)
+ krb5_free_cred_contents(context, &tgt_tmp_save);
+ else
+ tgt_free_flg = TGT_FREE_FLG_FREE_Y;
}
}
}
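Review bot: the if and else additions here repeat the free-and-flag logic of the previous hunk line for line. Two copies of ownership bookkeeping will drift; a small static helper that takes context, &tgt, &tgt_tmp_save and &tgt_free_flg, called from both sites, keeps the rule in one place and gives it one spot for a comment.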
@@ -394,6 +422,9 @@
*tgts = NULL;
if (ret_tgts) free(ret_tgts);
krb5_free_cred_contents(context, &tgt);
+ } else {
+ if(tgt_free_flg == TGT_FREE_FLG_FREE_Y)
+ krb5_free_cred_contents(context, &tgt);
}
context->use_conf_ktypes = old_use_conf_ktypes;
return(retval);
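Review bot: the error branch above the new else still calls `krb5_free_cred_contents(context, &tgt);` without looking at tgt_free_flg, while the new else branch only frees when the flag is TGT_FREE_FLG_FREE_Y. After `tgt = *ret_tgts[ntgts++];` the earlier hunks set the flag to TGT_FREE_FLG_FREE_N precisely because tgt no longer owns separate contents, so please either apply the same flag check on the error path or add a comment explaining why the unconditional free is still correct there.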
===================================================================
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux enas-devel 2.4.17-xfs #1 SMP Thu Apr 11 13:30:19 JST 2002 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages libkrb53 depends on:
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libcomerr2 1.35-3 The Common Error Description libra
---------------------------------------
From: Russ Allbery <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Bug#244602: libkrb53: memory leak in libkrb5.so.3.2
Organization: The Eyrie
Date: Fri, 02 Dec 2005 18:36:49 -0800
Version: 1.4.3-2
Upstream reports this was fixed in the 1.4.3 release. See:
<http://krbdev.mit.edu/rt/Ticket/Display.html?id=2541>
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>