[PATCHES] fix a couple of memory leaks

Uri Simchoni uri at samba.org
Mon Jul 4 05:32:38 UTC 2016


On 07/04/2016 05:14 AM, Richard Sharpe wrote:
> On Sun, Jul 3, 2016 at 1:23 PM, Uri Simchoni <uri at samba.org> wrote:
> 
> Could be hoist the *keytype = 0 to before the #ifdef? Something like this?
> 
> diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
> index 685d0ec..0d0b4ee 100644
> --- a/auth/kerberos/gssapi_pac.c
> +++ b/auth/kerberos/gssapi_pac.c
> @@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
>                 int diflen, i;
>                 const uint8_t *p;
> 
> +               *keytype = 0;
>                 if (set->count < 2) {
> 
>  #ifdef HAVE_GSSKRB5_GET_SUBKEY
> @@ -256,11 +257,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
>                         if (gss_maj == 0) {
>                                 *keytype = KRB5_KEY_TYPE(subkey);
>                                 krb5_free_keyblock(NULL /* should be
> krb5_context */, subkey);
> -                       } else
> -#else
> -                       {
> -                               *keytype = 0;
> -                       }
> +                       }
>  #endif
>                         gss_maj = gss_release_buffer_set(&gss_min, &set);
> 
> That seems to simplify the #ifdef stuff ...
> 

Yeah, you're right. Attached fixed patch.

Thanks,
Uri.
-------------- next part --------------
From 0d299248db1d1ea031b42783c89816f4b81011f8 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sun, 3 Jul 2016 22:50:22 +0300
Subject: [PATCH v2 1/2] auth: fix a memory leak in gssapi_get_session_key()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 auth/kerberos/gssapi_pac.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 685d0ec..74c199a 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 		int diflen, i;
 		const uint8_t *p;
 
+		*keytype = 0;
 		if (set->count < 2) {
 
 #ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -256,10 +257,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 			if (gss_maj == 0) {
 				*keytype = KRB5_KEY_TYPE(subkey);
 				krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
-			} else
-#else
-			{
-				*keytype = 0;
 			}
 #endif
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -270,7 +267,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 				  gse_sesskeytype_oid.elements,
 				  gse_sesskeytype_oid.length) != 0) {
 			/* Perhaps a non-krb5 session key */
-			*keytype = 0;
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
 			return NT_STATUS_OK;
 		}
@@ -280,7 +276,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
-		*keytype = 0;
 		for (i = 0; i < diflen; i++) {
 			*keytype = (*keytype << 7) | (p[i] & 0x7f);
 			if (i + 1 != diflen && (p[i] & 0x80) == 0) {
-- 
2.5.5


From 9d862393ae107697843392135b025a8808f8adf7 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Sun, 3 Jul 2016 22:51:56 +0300
Subject: [PATCH v2 2/2] s3-libads: fix a memory leak in ads_sasl_spnego_bind()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 source3/libads/sasl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 10f63e8..d76d872 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -696,7 +696,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 	struct berval *scred=NULL;
 	int rc, i;
 	ADS_STATUS status;
-	DATA_BLOB blob;
+	DATA_BLOB blob = data_blob_null;
 	char *given_principal = NULL;
 	char *OIDs[ASN1_MAX_OIDS];
 #ifdef HAVE_KRB5
@@ -792,6 +792,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 done:
 	ads_free_service_principal(&p);
 	TALLOC_FREE(frame);
+	if (blob.data != NULL) {
+		data_blob_free(&blob);
+	}
 	return status;
 }
 
-- 
2.5.5



More information about the samba-technical mailing list