diff options
author | Tom Yu <tlyu@mit.edu> | 2010-10-15 20:42:23 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-10-15 20:42:23 +0000 |
commit | 2daa756363595c4ce04bb159e76fab310a21a7a1 (patch) | |
tree | 11a50ff7ca31b4cf870a3be01e7623da154b0366 | |
parent | ec3e36613f0139464e597f5c8fa3de8e0579cfdf (diff) | |
download | krb5-2daa756363595c4ce04bb159e76fab310a21a7a1.zip krb5-2daa756363595c4ce04bb159e76fab310a21a7a1.tar.gz krb5-2daa756363595c4ce04bb159e76fab310a21a7a1.tar.bz2 |
pull up r24452, r24453, r24454 from trunk
------------------------------------------------------------------------
r24454 | ghudson | 2010-10-13 13:20:36 -0400 (Wed, 13 Oct 2010) | 2 lines
Whitespace.
------------------------------------------------------------------------
r24453 | hartmans | 2010-10-12 21:19:20 -0400 (Tue, 12 Oct 2010) | 2 lines
Adjust valgrind support to assume a modern valgrind that requires %p in log files.
------------------------------------------------------------------------
r24452 | hartmans | 2010-10-12 21:19:14 -0400 (Tue, 12 Oct 2010) | 14 lines
ticket: 6801
target_version: 1.9
Subject: Fix leaks in get_init_creds interface
In Debian Bug 598032, Bastian Blank points out that there are two
leaks in the get_init_creds interface:
* Free ctx->request->padata after sending the KDC request so it is not
overwritten the next time around the loop.
* If options is NULL passed into krb5_get_init_creds_init, then set up
a non-extended options structure so that krb5_get_init_creds_free will
free the options.
ticket: 6801
version_fixed: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24456 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/config/pre.in | 2 | ||||
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 14 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/config/pre.in b/src/config/pre.in index d2cad1c..8efa549 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -566,7 +566,7 @@ VALGRIND= # Need absolute paths here because under kshd or ftpd we may run programs # while in other directories. VALGRIND_LOGDIR = `cd $(BUILDTOP)&&pwd` -VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg --trace-children=yes -v --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions +VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg.%p --trace-children=yes -v --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions # Set OFFLINE=yes to disable tests that assume network connectivity. # (Specifically, this concerns the ability to fetch DNS data for diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 836a517..71d1e12 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -798,6 +798,7 @@ krb5_init_creds_init(krb5_context context, int tmp; char *str = NULL; krb5_gic_opt_ext *opte; + krb5_get_init_creds_opt local_opts; TRACE_INIT_CREDS(context, client); @@ -822,9 +823,14 @@ krb5_init_creds_init(krb5_context context, ctx->start_time = start_time; if (options == NULL) { - code = krb5_get_init_creds_opt_alloc(context, &options); - if (code != 0) - goto cleanup; + /* + * We initialize a non-extended options because that way the shadowed + * flag will be sent and they will be freed when the init_creds context + * is freed. The options will be extended and copied off the stack into + * storage by opt_to_opte. + */ + krb5_get_init_creds_opt_init(&local_opts); + options = &local_opts; } code = krb5int_gic_opt_to_opte(context, options, @@ -1175,6 +1181,8 @@ init_creds_step_request(krb5_context context, goto cleanup; cleanup: + krb5_free_pa_data(context, ctx->request->padata); + ctx->request->padata = NULL; return code; } |