Catching more principals in ads_keytab_verify_ticket()

Jeremy Allison jra at samba.org
Sat Mar 12 16:50:22 GMT 2005


On Sat, Mar 12, 2005 at 10:09:04AM +0000, Michael Brown wrote:
> 
> Are you sure it needs to be freed?  I was basing it on the keytab 
> iteration code in MIT's klist.c, which does:
> 
>     while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
> 	  if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
> 	       com_err(progname, code, "while unparsing principal name");
> 	       exit(1);
> 	  }
> 	  ... several printf statements ...
> 	  krb5_free_unparsed_name(kcontext, pname);
>      }

Yeah, they can get away with doing that because they're a short
lived command-line process. Even saying that, it's leaking memory.

According to the API docs the entry returned by krb5_kt_next_entry()
must be freed.

valgrind it to be sure.

> I added code to always free the unparsed name, even if the loop aborts 
> (since we don't just exit() in kerberos_verify.c).  From looking at 
> kinit.c, I assumed that krb5_kt_next_entry() returned a pointer to a 
> static structure in entry, in which case freeing it would be a bad idea.
> 
> Heimdal may be different, of course; I don't know.

Heimdal is *definitely* different, that's what makes doing this code
such a challenge :-).

Jeremy.
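
An added example, not part of the thread and not Samba or MIT code: a self-contained C model of the ownership rule discussed above, in which each entry the iterator fills in must be released by the caller on every path, including an early exit from the loop. `kt_next_entry`, `kt_free_entry`, `unparse_name` and the keytab contents are constructed stand-ins, not libkrb5 calls; in real code the release call is `krb5_free_keytab_entry_contents()` with MIT and `krb5_kt_free_entry()` with Heimdal.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for libkrb5 (hypothetical names, constructed data). */
static int live_allocs;                      /* outstanding heap blocks */
static const char *KEYTAB[] = { "host/a@EXAMPLE", "cifs/a@EXAMPLE", "HTTP/a@EXAMPLE" };
enum { KT_COUNT = 3 };

typedef struct { char *principal; } kt_entry;

static char *dup_counted(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}
static void free_counted(char *p) { if (p) { free(p); live_allocs--; } }

/* Like krb5_kt_next_entry(): fills *e with heap data the caller owns. */
static int kt_next_entry(size_t *cursor, kt_entry *e) {
    if (*cursor >= KT_COUNT) return -1;      /* end of keytab */
    e->principal = dup_counted(KEYTAB[(*cursor)++]);
    return e->principal ? 0 : -2;
}
static void kt_free_entry(kt_entry *e) { free_counted(e->principal); e->principal = NULL; }

/* Like krb5_unparse_name(): returns a second, separately owned string. */
static int unparse_name(const kt_entry *e, char **out) {
    *out = dup_counted(e->principal);
    return *out ? 0 : -2;
}

/* Scan for `want`. free_entries=0 mirrors the quoted loop (name freed,
 * entry not); 1 releases the entry on every path. Returns leaked blocks. */
int scan_keytab(const char *want, int free_entries, int *found) {
    size_t cursor = 0;
    kt_entry e = { NULL };
    live_allocs = 0;
    *found = 0;
    while (!*found && kt_next_entry(&cursor, &e) == 0) {
        char *pname = NULL;
        if (unparse_name(&e, &pname) == 0 && strcmp(pname, want) == 0)
            *found = 1;                      /* match: cleanup below still runs */
        free_counted(pname);                 /* krb5_free_unparsed_name() */
        if (free_entries)
            kt_free_entry(&e);               /* the step under discussion */
    }
    return live_allocs;
}
```

In a long-lived daemon the leak grows with every keytab scan, one entry per iteration; running the real loop under valgrind, as suggested above, shows the same per-entry count.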

