I found this while running an application under valgrind in search of a bug in my code. In kadm5_get_init_creds, the local variable "client" is initialized with krb5_parse_name, then never freed. I believe something like the attached patch is appropriate.
I found this on a Fedora Core 6 box, which has kerberos 1.5 installed. However, I downloaded the 1.6 release and verified that the leak is still present. Please CC me if you need anything more, as I am not subscribed to this list. This is a drive-by patching.
--- src/lib/kadm5/clnt/client_init.c.ORIG 2006-05-15 19:45:00.000000000 -0600 +++ src/lib/kadm5/clnt/client_init.c 2007-03-03 19:57:26.000000000 -0700 @@ -410,7 +410,7 @@ strlen(krb5_cc_get_name(handle->context, ccache)) + 2); if (handle->cache_name == NULL) { code = ENOMEM; - goto error; + goto error2; } sprintf(handle->cache_name, "%s:%s", krb5_cc_get_type(handle->context, ccache), @@ -425,11 +425,11 @@ code = krb5_cc_resolve(handle->context, handle->cache_name, &ccache); if (code) - goto error; + goto error2; code = krb5_cc_initialize (handle->context, ccache, client); if (code) - goto error; + goto error2; handle->destroy_cache = 1; } @@ -451,6 +451,8 @@ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) code = KADM5_SECURE_PRINC_MISSING; +error2: + krb5_free_principal(handle->context, client); error: if (ccache != NULL && init_type != INIT_CREDS) krb5_cc_close(handle->context, ccache);
Regards, -- Jerry James, Assistant Professor [EMAIL PROTECTED] Computer Science Department http://www.cs.usu.edu/~jerry/ Utah State University
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos