krb5_fcc_resolve file locking error on malloc failuer

In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault. 

Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.

[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 42e9ba0..0fe099c 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1734,6 +1734,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 	 setptr = malloc(sizeof(struct fcc_set));
 	 if (setptr == NULL) {
 	     k5_mutex_unlock(&krb5int_cc_file_mutex);
+ 	     k5_mutex_unlock(&data->lock);
 	     k5_mutex_destroy(&data->lock);
 	     free(data->filename);
 	     free(data);
@@ -1984,7 +1985,6 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
 	  free(data);
 	  close(ret);
 	  unlink(scratch);
-	  k5_mutex_unlock(&krb5int_cc_file_mutex);
 	  return KRB5_CC_NOMEM;
      }
 
@@ -2056,6 +2056,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
      setptr = malloc(sizeof(struct fcc_set));
      if (setptr == NULL) {
        k5_mutex_unlock(&krb5int_cc_file_mutex);
+       k5_mutex_unlock(&data->lock);
        k5_mutex_destroy(&data->lock);
        free(data->filename);
        free(data);