Patch 7/9: client_pubkey always leaks in server_process_dh()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Patch 7/9: client_pubkey always leaks in server_process_dh()

Alexandr Nedvedicky
Hello,

I'm upgrading kerberos bundled with Solaris to krb5-1.16. Solaris currently
ships krb5-1.15.1. I've noticed there are some memory leaks, while running test
suite, which comes with krb-1.16 (e.g. running 'make check').  I don't think
those memory leaks are critical, though as kerberos newbie I can't be sure, so
I think I'm better to share my findings. All memory leaks were found using
'libumem', which can be found on Solaris (or its OSS sibbling illumos).
All patches are against krb5-1.16 release.

In function server_process_dh() the client_pubkey is not needed once
we print it at line 2991. we must just free it to avoid memory leak.

regards
sasha

--------8<---------------8<---------------8<------------------8<--------
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 19bf1c359..028d4cd34 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2994,6 +2994,9 @@ server_process_dh(krb5_context context,
     print_buffer(*server_key, *server_key_len);
 #endif
 
+    BN_free(client_pubkey);
+    client_pubkey = NULL;
+
     /* KDC reply */
     /* pack DH public key */
     /* Diffie-Hellman public key must be ASN1 encoded as an INTEGER; this
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev