[Freeipa-devel] [PATCH] 0017 Fix various memory leaks in Kerberos helper code

Mon Apr 16 12:25:24 UTC 2012

On Mon, Apr 16, 2012 at 02:13:06PM +0200, Petr Spacek wrote:
> Hello,
> 
> this patch fixes several memory leaks in Kerberos integration code.
> Fix was tested with Valgrind.
> 
> There is another memory leak in persistent search code, it will be
> fixed by separate patch.

Ack, please push it to master.

A

> From 2b95bc00554f19f8949fb4690d802828ccf17023 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Mon, 16 Apr 2012 14:07:20 +0200
> Subject: [PATCH] Fix various memory leaks in Kerberos helper code.
>  Signed-off-by: Petr Spacek <pspacek at redhat.com>
> 
> ---
>  src/krb5_helper.c |   16 ++++++++++++----
>  1 files changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/src/krb5_helper.c b/src/krb5_helper.c
> index 571f511..ffa6938 100644
> --- a/src/krb5_helper.c
> +++ b/src/krb5_helper.c
> @@ -31,8 +31,9 @@
>  #define CHECK_KRB5(ctx, err, msg, ...)					\
>  	do {								\
>  		if (err) {						\
> -			log_error(msg " (%s)", ##__VA_ARGS__,		\
> -				  krb5_get_error_message(ctx, err));	\
> +			const char * errmsg = krb5_get_error_message(ctx, err);	\
> +			log_error(msg " (%s)", ##__VA_ARGS__, errmsg);	\
> +			krb5_free_error_message(ctx, errmsg);		\
>  			result = ISC_R_FAILURE;				\
>  			goto cleanup;					\
>  		}							\
> @@ -66,8 +67,10 @@ check_credentials(krb5_context context,
>  
>  	krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcreds, &creds);
>  	if (krberr) {
> +		const char * errmsg = krb5_get_error_message(context, krberr);
>  		log_debug(2, "Principal not found in cred cache (%s)",
> -			  krb5_get_error_message(context, krberr));
> +			  errmsg);
> +		krb5_free_error_message(context, errmsg);
>  		result = ISC_R_FAILURE;
>  		goto cleanup;
>  	}
> @@ -97,8 +100,9 @@ get_krb5_tgt(isc_mem_t *mctx, const char *principal, const char *keyfile)
>  	krb5_context context = NULL;
>  	krb5_keytab keytab = NULL;
>  	krb5_ccache ccache = NULL;
> -	krb5_principal kprincpw;
> +	krb5_principal kprincpw = NULL;
>  	krb5_creds my_creds;
> +	krb5_creds * my_creds_ptr = NULL;
>  	krb5_get_init_creds_opt options;
>  	krb5_error_code krberr;
>  	isc_result_t result;
> @@ -167,6 +171,7 @@ get_krb5_tgt(isc_mem_t *mctx, const char *principal, const char *keyfile)
>  	krberr = krb5_get_init_creds_keytab(context, &my_creds, kprincpw,
>  					    keytab, 0, NULL, &options);
>  	CHECK_KRB5(context, krberr, "Failed to init credentials");
> +	my_creds_ptr = &my_creds;
>  
>  	/* store credentials in cache */
>  	krberr = krb5_cc_initialize(context, ccache, kprincpw);
> @@ -179,7 +184,10 @@ get_krb5_tgt(isc_mem_t *mctx, const char *principal, const char *keyfile)
>  
>  cleanup:
>  	if (ccname) str_destroy(&ccname);
> +	if (ccache) krb5_cc_close(context, ccache);
>  	if (keytab) krb5_kt_close(context, keytab);
> +	if (kprincpw) krb5_free_principal(context, kprincpw);
> +	if (my_creds_ptr) krb5_free_cred_contents(context, my_creds_ptr);
>  	if (context) krb5_free_context(context);
>  	return result;
>  }
> -- 
> 1.7.7.6
> 

-- 
Adam Tkac, Red Hat, Inc.