diff options
author | Ezra Peisach <epeisach@mit.edu> | 2008-08-14 04:44:44 +0000 |
---|---|---|
committer | Ezra Peisach <epeisach@mit.edu> | 2008-08-14 04:44:44 +0000 |
commit | f4c8a41e68aa417d6ab95a41333507cf34f3f89c (patch) | |
tree | c0745f6fb5f2460a3a85bb3f31190ba9604ae5b0 /src/lib/krb5 | |
parent | 9b04053eddd676de68cde9e5c549409aee2282b3 (diff) | |
download | krb5-f4c8a41e68aa417d6ab95a41333507cf34f3f89c.zip krb5-f4c8a41e68aa417d6ab95a41333507cf34f3f89c.tar.gz krb5-f4c8a41e68aa417d6ab95a41333507cf34f3f89c.tar.bz2 |
krb5_fcc_resolve file locking error on malloc failuer
In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault.
Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.
[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/ccache/cc_file.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 42e9ba0..0fe099c 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -1734,6 +1734,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) setptr = malloc(sizeof(struct fcc_set)); if (setptr == NULL) { k5_mutex_unlock(&krb5int_cc_file_mutex); + k5_mutex_unlock(&data->lock); k5_mutex_destroy(&data->lock); free(data->filename); free(data); @@ -1984,7 +1985,6 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) free(data); close(ret); unlink(scratch); - k5_mutex_unlock(&krb5int_cc_file_mutex); return KRB5_CC_NOMEM; } @@ -2056,6 +2056,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) setptr = malloc(sizeof(struct fcc_set)); if (setptr == NULL) { k5_mutex_unlock(&krb5int_cc_file_mutex); + k5_mutex_unlock(&data->lock); k5_mutex_destroy(&data->lock); free(data->filename); free(data); |