tags  538225 +fixed-upstream
thanks

Hi Eamonn,
On Mon, Aug 24, 2009 at 09:04:45AM +0100, Eamonn Hamilton wrote:
> Hi,
> 
> I've disabled the explicit renew lifetime parameter, while leaving the
> ticket lifetime specified, and it seems to be behaving itself. I'm
> currently trying to determine whether it's got anything to do with the
> renew lifetime being the same as the ticket lifetime, as I guess I
> should have had the renew lifetime as less than the ticket lifetime.
I've committed a fix that might help here:

        http://git.gnome.org/cgit/krb5-auth-dialog/

I'll attach the patch. Could you apply it and test it?
Cheers,
 -- Guido
>From 1fc28b824625e60e03412bdc8d4c9ad01dfa80f6 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org>
Date: Tue, 15 Sep 2009 15:02:08 +0200
Subject: [PATCH] plug error message memory leak

BZ: #538225
---
 src/krb5-auth-dialog.c |   44 ++++++++++++++++++++++++++++++--------------
 1 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/src/krb5-auth-dialog.c b/src/krb5-auth-dialog.c
index 98235b7..17373e5 100644
--- a/src/krb5-auth-dialog.c
+++ b/src/krb5-auth-dialog.c
@@ -138,20 +138,26 @@ get_principal_realm_data(krb5_principal p)
 #endif
 }
 
-static const char*
+/*
+ * Returns a descriptive error message or kerberos related error
+ * pointer must be freed using g_free()
+ */
+static char*
 ka_get_error_message(krb5_context context, krb5_error_code err)
 {
-	const char *msg = NULL;
-
+	char *msg = NULL;
 #if defined(HAVE_KRB5_GET_ERROR_MESSAGE)
-	msg = krb5_get_error_message(context, err);
+	char *krberr;
+
+	krberr = krb5_get_error_message(context, err);
+	msg = g_strdup(krberr);
+	krb5_free_error_string(context, krberr);
 #else
-	msg = error_message(err);
+	msg = g_strdup(error_message(err));
 #endif
 	if (msg == NULL)
-		return "unknown error";
-	else
-		return msg;
+		msg = g_strdup(_("unknown error"));
+	return msg;
 }
 
 static void
@@ -614,6 +620,7 @@ grab_credentials (KaApplet* applet)
 	krb5_ccache ccache;
 	gchar *pk_userid = NULL;
 	gchar *pk_anchors = NULL;
+	gchar *errmsg = NULL;
 	gboolean pw_auth = TRUE;
 
 	memset(&my_creds, 0, sizeof(my_creds));
@@ -656,8 +663,10 @@ grab_credentials (KaApplet* applet)
 				invalid_auth = TRUE;
 				break;
 			default:
+				errmsg = ka_get_error_message(kcontext, retval);
 				KA_DEBUG("Auth failed with %d: %s", retval,
-				         ka_get_error_message(kcontext, retval));
+					 errmsg);
+				g_free(errmsg);
 				break;
 		}
 		goto out;
@@ -685,6 +694,7 @@ ka_renew_credentials (KaApplet* applet)
 	krb5_creds my_creds;
 	krb5_ccache ccache;
 	krb5_get_init_creds_opt opts;
+	gchar *errmsg = NULL;
 
 	if (kprincipal == NULL) {
 		retval = ka_parse_name(applet, kcontext, &kprincipal);
@@ -706,18 +716,21 @@ ka_renew_credentials (KaApplet* applet)
 	set_options_from_creds (applet, kcontext, &my_creds, &opts);
 
 	if (ka_applet_get_tgt_renewable(applet)) {
+
 		retval = get_renewed_creds (kcontext, &my_creds, kprincipal, ccache, NULL);
 		if (retval)
 			goto out;
 
 		retval = krb5_cc_initialize(kcontext, ccache, kprincipal);
 		if(retval) {
-			g_warning("krb5_cc_initialize: %s", ka_get_error_message(kcontext, retval));
+			errmsg = ka_get_error_message(kcontext, retval);
+			g_warning("krb5_cc_initialize: %s", errmsg);
 			goto out;
 		}
 		retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
 		if (retval) {
-			g_warning("krb5_cc_store_cred: %s", ka_get_error_message(kcontext, retval));
+			errmsg = ka_get_error_message(kcontext, retval);
+			g_warning("krb5_cc_store_cred: %s", errmsg);
 			goto out;
 		}
 	}
@@ -725,6 +738,7 @@ out:
 	creds_expiry = my_creds.times.endtime;
 	krb5_free_cred_contents (kcontext, &my_creds);
 	krb5_cc_close (kcontext, ccache);
+	g_free(errmsg);
 	return retval;
 }
 
@@ -874,9 +888,11 @@ ka_grab_credentials (KaApplet* applet)
 		if (canceled)
 			break;
 		if (retval) {
-			ka_pwdialog_error(pwdialog,
-					  ka_get_error_message(kcontext,
-                                                               retval));
+			gchar *errmsg;
+
+			errmsg = ka_get_error_message(kcontext, retval);
+			ka_pwdialog_error(pwdialog, errmsg);
+			g_free (errmsg);
 			break;
 		} else {
 			success = TRUE;
-- 
1.6.3.3

Reply via email to