diff options
| author | Matt Barden <mbarden@tintri.com> | 2022-09-27 17:27:44 -0400 |
|---|---|---|
| committer | Matt Barden <mbarden@tintri.com> | 2022-11-04 20:05:30 -0400 |
| commit | cfed4d7055842c539437036c634e7fe84d10977d (patch) | |
| tree | 5df75cda990824add7bc4aafc352a1af3a5f1adb | |
| parent | 549ab26f262a63e8892b99d530a98fea6423ad63 (diff) | |
| download | illumos-joyent-cfed4d7055842c539437036c634e7fe84d10977d.tar.gz | |
15085 mech_krb5: memory leaked during context establishment
Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@mnx.io>
| -rw-r--r-- | usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_in_tkt.c | 6 | ||||
| -rw-r--r-- | usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec_context.c | 10 |
2 files changed, 9 insertions, 7 deletions
diff --git a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_in_tkt.c b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_in_tkt.c index 967c8f7fe4..0a3a0d075e 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_in_tkt.c +++ b/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/get_in_tkt.c @@ -1,6 +1,6 @@ /* * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2014 Nexenta Systems, Inc. All rights reserved. + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. */ /* * lib/krb5/krb/get_in_tkt.c @@ -1306,6 +1306,10 @@ krb5_get_init_creds(krb5_context context, err_reply = NULL; local_as_reply = 0; + + free(hostname_used); + hostname_used = NULL; + if ((ret = send_as_request2(context, &request, &err_reply, &local_as_reply, use_master, &hostname_used))) diff --git a/usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec_context.c b/usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec_context.c index 50488192e8..821327f5da 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec_context.c +++ b/usr/src/lib/gss_mechs/mech_krb5/mech/accept_sec_context.c @@ -1,5 +1,6 @@ /* * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. */ /* * Copyright 2000, 2004 by the Massachusetts Institute of Technology. @@ -1142,6 +1143,9 @@ krb5_gss_accept_sec_context(minor_status, context_handle, *delegated_cred_handle = (gss_cred_id_t) deleg_cred; } + if (server_name) + krb5_free_principal(context, server_name); + /* finally! */ *minor_status = 0; @@ -1149,10 +1153,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle, fail: if (mech_type) { - unsigned int min; - gss_buffer_desc oidstr; - oidstr.value = NULL; - /* * This needs to be set/returned even on fail so * gss_accept_sec_context() can map_error_oid() the correct @@ -1160,8 +1160,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle, * (needed in CIFS/SPNEGO case) */ *mech_type = (gss_OID) mech_used; - - (void) gss_oid_to_str(&min, *mech_type, &oidstr); } if (authdat) |