[19717] in Kerberos_V5_Development
Patch 7/9: client_pubkey always leaks in server_process_dh()
daemon@ATHENA.MIT.EDU (Alexandr Nedvedicky)
Mon Feb 19 19:50:53 2018
Date: Tue, 20 Feb 2018 01:47:10 +0100
From: Alexandr Nedvedicky <alexandr.nedvedicky@oracle.com>
To: krbdev@mit.edu
Message-ID: <20180220004710.GA20207@tbd.cz.oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hello,
I'm upgrading kerberos bundled with Solaris to krb5-1.16. Solaris currently
ships krb5-1.15.1. I've noticed there are some memory leaks, while running test
suite, which comes with krb-1.16 (e.g. running 'make check'). I don't think
those memory leaks are critical, though as kerberos newbie I can't be sure, so
I think I'm better to share my findings. All memory leaks were found using
'libumem', which can be found on Solaris (or its OSS sibbling illumos).
All patches are against krb5-1.16 release.
In function server_process_dh() the client_pubkey is not needed once
we print it at line 2991. we must just free it to avoid memory leak.
regards
sasha
--------8<---------------8<---------------8<------------------8<--------
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 19bf1c359..028d4cd34 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2994,6 +2994,9 @@ server_process_dh(krb5_context context,
print_buffer(*server_key, *server_key_len);
#endif
+ BN_free(client_pubkey);
+ client_pubkey = NULL;
+
/* KDC reply */
/* pack DH public key */
/* Diffie-Hellman public key must be ASN1 encoded as an INTEGER; this
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev