Catching more principals in ads_keytab_verify_ticket()
Jeremy Allison
jra at samba.org
Sat Mar 12 16:50:22 GMT 2005
On Sat, Mar 12, 2005 at 10:09:04AM +0000, Michael Brown wrote:
>
> Are you sure it needs to be freed? I was basing it on the keytab
> iteration code in MIT's klist.c, which does:
>
> while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
> if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
> com_err(progname, code, "while unparsing principal name");
> exit(1);
> }
> ... several printf statements ...
> krb5_free_unparsed_name(kcontext, pname);
> }
Yeah, they can get away with doing that because they're a short
lived command-line process. Even saying that, it's leaking memory.
According to the API docs the entry returned by krb5_kt_next_entry()
must be freed.
valgrind it to be sure.
> I added code to always free the unparsed name, even if the loop aborts
> (since we don't just exit() in kerberos_verify.c). From looking at
> kinit.c, I assumed that krb5_kt_next_entry() returned a pointer to a
> static structure in entry, in which case freeing it would be a bad idea.
>
> Heimdal may be different, of course; I don't know.
Heimdal is *definately* different, that's what makes doing this code
such a challenge :-).
Jeremy.
More information about the samba-technical
mailing list