The branch, master has been updated
via 11ba2ed4472 third_party/heimdal: Import
lorikeet-heimdal-202505280044 (commit 1be8ce37d618704abd82a2aa06058fa96845ad41)
via ea84959a720 s4:kdc: Fix memory leak of padata_value
via 149d4364299 s4:kdc: Fix ticket encryption types memory leak
via a97aad91878 s4:kdc: Fix memory leak for unused keys in TGT
from c716bf33a53 lib/torture: directly remove the dummy signal event
again to avoid flapping tests
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 11ba2ed4472cdf7de0ccf9b41d7d301d9695c9dc
Author: Jennifer Sutton <[email protected]>
Date: Wed May 28 12:52:26 2025 +1200
third_party/heimdal: Import lorikeet-heimdal-202505280044 (commit
1be8ce37d618704abd82a2aa06058fa96845ad41)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15814
Signed-off-by: Jennifer Sutton <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Autobuild-User(master): Douglas Bagnall <[email protected]>
Autobuild-Date(master): Tue Jun 3 22:52:34 UTC 2025 on atb-devel-224
commit ea84959a720d509f6a8acdde4d0f72d450cfb087
Author: Ivan Korytov <[email protected]>
Date: Fri Feb 21 14:22:41 2025 +0300
s4:kdc: Fix memory leak of padata_value
md.padata_value is not needed even if no error occurred.
kdc_request_add_encrypted_padata copies data from it to newly allocated
r->ek.encrypted_pa_data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15813
Signed-off-by: Ivan Korytov <[email protected]>
Reviewed-by: Jennifer Sutton <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
commit 149d4364299bea61b5308965916ad7990f56197b
Author: Ivan Korytov <[email protected]>
Date: Fri Feb 21 13:57:10 2025 +0300
s4:kdc: Fix ticket encryption types memory leak
sdb_entry_free was not releasing memory for s->etypes->val.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15812
Signed-off-by: Ivan Korytov <[email protected]>
Reviewed-by: Jennifer Sutton <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
commit a97aad91878f693bd854b9483592811ac883b356
Author: Ivan Korytov <[email protected]>
Date: Fri Feb 21 10:02:48 2025 +0300
s4:kdc: Fix memory leak for unused keys in TGT
Length of key list was reduced to one but unused keys were not deallocated
before changing the length.
As such, free_sdb_entry/sdb_keys_free function could not release unused
keys indexed from 1 onwards on entry deallocation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15712
Signed-off-by: Ivan Korytov <[email protected]>
Reviewed-by: Jennifer Sutton <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source4/kdc/db-glue.c | 11 ++++++++++
source4/kdc/sdb.c | 4 ++++
source4/kdc/wdc-samba4.c | 7 ++-----
third_party/heimdal/cf/resolv.m4 | 4 ++--
third_party/heimdal/kdc/krb5tgs.c | 5 +++++
third_party/heimdal/lib/base/config_file.c | 33 +++++++++++++++++-------------
third_party/heimdal/lib/gssapi/Makefile.am | 1 +
third_party/heimdal/lib/krb5/Makefile.am | 2 ++
third_party/heimdal/lib/roken/Makefile.am | 1 +
9 files changed, 47 insertions(+), 21 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 90cfe006043..98b90e3637e 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1844,6 +1844,8 @@ static krb5_error_code
samba_kdc_message2entry(krb5_context context,
*/
#ifdef SAMBA4_USES_HEIMDAL
if (is_krbtgt) {
+ unsigned int i = 0;
+
/*
* The krbtgt account, having no reason to
* issue tickets encrypted in weaker keys,
@@ -1875,11 +1877,20 @@ static krb5_error_code
samba_kdc_message2entry(krb5_context context,
* management.
*/
+ for (i = 1; i < entry->keys.len; i++) {
+ sdb_key_free(&entry->keys.val[i]);
+ }
entry->keys.len = 1;
if (entry->etypes != NULL) {
entry->etypes->len = MIN(entry->etypes->len, 1);
}
+ for (i = 1; i < entry->old_keys.len; i++) {
+ sdb_key_free(&entry->old_keys.val[i]);
+ }
entry->old_keys.len = MIN(entry->old_keys.len, 1);
+ for (i = 1; i < entry->older_keys.len; i++) {
+ sdb_key_free(&entry->older_keys.val[i]);
+ }
entry->older_keys.len = MIN(entry->older_keys.len, 1);
}
#endif
diff --git a/source4/kdc/sdb.c b/source4/kdc/sdb.c
index 75f96bbb338..3913954be0c 100644
--- a/source4/kdc/sdb.c
+++ b/source4/kdc/sdb.c
@@ -82,6 +82,10 @@ void sdb_entry_free(struct sdb_entry *s)
krb5_free_principal(NULL, s->principal);
sdb_keys_free(&s->keys);
+
+ if (s->etypes != NULL) {
+ SAFE_FREE(s->etypes->val);
+ }
SAFE_FREE(s->etypes);
sdb_keys_free(&s->old_keys);
sdb_keys_free(&s->older_keys);
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 0741c0878af..9d464a70560 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -737,12 +737,9 @@ static krb5_error_code samba_wdc_finalize_reply(void *priv,
md.padata_type = KRB5_PADATA_SUPPORTED_ETYPES;
ret = kdc_request_add_encrypted_padata(r, &md);
+ krb5_data_free(&md.padata_value);
if (ret != 0) {
- /*
- * So we do not leak the allocated
- * memory on md in the error case
- */
- krb5_data_free(&md.padata_value);
+ return ret;
}
}
diff --git a/third_party/heimdal/cf/resolv.m4 b/third_party/heimdal/cf/resolv.m4
index 49c868ab0ec..62949727589 100644
--- a/third_party/heimdal/cf/resolv.m4
+++ b/third_party/heimdal/cf/resolv.m4
@@ -73,13 +73,13 @@ AC_FIND_FUNC(res_ndestroy, resolv,
],
[0])
-AC_FIND_FUNC_NO_LIBS(dns_search,,
+AC_FIND_FUNC(dns_search, resolv,
[
#ifdef HAVE_DNS_H
#include <dns.h>
#endif
],
-[0,0,0,0,0,0,0,0])
+[0])
AC_FIND_FUNC(dn_expand, resolv,
diff --git a/third_party/heimdal/kdc/krb5tgs.c
b/third_party/heimdal/kdc/krb5tgs.c
index f8fe63d88d7..07fdcca3970 100644
--- a/third_party/heimdal/kdc/krb5tgs.c
+++ b/third_party/heimdal/kdc/krb5tgs.c
@@ -2289,6 +2289,11 @@ out:
free(csec);
free(cusec);
+ if (r->ek.encrypted_pa_data) {
+ free_METHOD_DATA(r->ek.encrypted_pa_data);
+ free(r->ek.encrypted_pa_data);
+ }
+
free_TGS_REP(&r->rep);
free_TransitedEncoding(&r->et.transited);
free(r->et.starttime);
diff --git a/third_party/heimdal/lib/base/config_file.c
b/third_party/heimdal/lib/base/config_file.c
index b1675ea5f14..7ea7a99cacf 100644
--- a/third_party/heimdal/lib/base/config_file.c
+++ b/third_party/heimdal/lib/base/config_file.c
@@ -312,6 +312,11 @@ parse_plist_config(heim_context context, const char *path,
heim_config_section *
CFRelease(url);
if (s == NULL) {
heim_clear_error_message(context);
+ if (path[0] != '/') {
+ char cwd[PATH_MAX];
+ if (getcwd(cwd, sizeof(cwd)) == NULL)
+ return errno;
+ }
return ENOMEM;
}
@@ -571,6 +576,7 @@ heim_config_parse_file_multi(heim_context context,
{
const char *str;
char *newfname = NULL;
+ char *exp_fname = NULL;
unsigned lineno = 0;
heim_error_code ret = 0;
struct fileptr f;
@@ -603,6 +609,19 @@ heim_config_parse_file_multi(heim_context context,
fname = newfname;
}
+ /*
+ * Note that heim_config_parse_dir_multi() doesn't want tokens
+ * expanded here, but it happens to limit the names of files to
+ * include such that there can be no tokens to expand. Don't
+ * add token expansion for tokens using _, say.
+ */
+ ret = heim_expand_path_tokens(context, fname, 1, &exp_fname, NULL);
+ if (ret)
+ goto out;
+ free(newfname);
+ fname = newfname = exp_fname;
+
+
if (is_plist_file(fname)) {
#if defined(HAVE_FRAMEWORK_COREFOUNDATION)
ret = parse_plist_config(context, fname, res);
@@ -618,20 +637,6 @@ heim_config_parse_file_multi(heim_context context,
goto out;
#endif
} else {
- char *exp_fname = NULL;
-
- /*
- * Note that heim_config_parse_dir_multi() doesn't want tokens
- * expanded here, but it happens to limit the names of files to
- * include such that there can be no tokens to expand. Don't
- * add token expansion for tokens using _, say.
- */
- ret = heim_expand_path_tokens(context, fname, 1, &exp_fname, NULL);
- if (ret)
- goto out;
- free(newfname);
- fname = newfname = exp_fname;
-
f.context = context;
f.f = fopen(fname, "r");
f.s = NULL;
diff --git a/third_party/heimdal/lib/gssapi/Makefile.am
b/third_party/heimdal/lib/gssapi/Makefile.am
index 3254866dced..db967e58663 100644
--- a/third_party/heimdal/lib/gssapi/Makefile.am
+++ b/third_party/heimdal/lib/gssapi/Makefile.am
@@ -403,6 +403,7 @@ LDADD = libgssapi.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_roken)
+test_names_LDFLAGS = -lresolv
test_names_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la
test_context_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la
$(top_builddir)/lib/wind/libwind.la
diff --git a/third_party/heimdal/lib/krb5/Makefile.am
b/third_party/heimdal/lib/krb5/Makefile.am
index ecce461dd89..e22cfe87ce2 100644
--- a/third_party/heimdal/lib/krb5/Makefile.am
+++ b/third_party/heimdal/lib/krb5/Makefile.am
@@ -330,6 +330,8 @@ test_rfc3961_LDADD = \
$(LIB_hcrypto) \
$(LIB_roken)
+test_plugin_LDFLAGS = -lresolv
+
if DEVELOPER_MODE
headerdeps = $(dist_libkrb5_la_SOURCES)
endif
diff --git a/third_party/heimdal/lib/roken/Makefile.am
b/third_party/heimdal/lib/roken/Makefile.am
index 1f530c7aee5..8350d70348d 100644
--- a/third_party/heimdal/lib/roken/Makefile.am
+++ b/third_party/heimdal/lib/roken/Makefile.am
@@ -54,6 +54,7 @@ libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
parse_reply_test_SOURCES = parse_reply-test.c resolve.c
parse_reply_test_CFLAGS = -DTEST_RESOLVE
+parse_reply_test_LDFLAGS = -lresolv
test_readenv_SOURCES = test-readenv.c test-mem.c
test_auxval_SOURCES = test-auxval.c
--
Samba Shared Repository
