Fix memory leak in LDAP rename

krb5_ldap_rename_principal() must free bersecretkey.

ticket: 8065

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 00c2c884676f0438d6acce5d3bc7251b138d2106..d722dbfa60aa5eb147c3e48e91150bd1754f9067 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -554,6 +554,7 @@ cleanup:
     free(dn);
     free(suser);
     free(tuser);
+    free_berdata(bersecretkey);
     krb5_db_free_principal(context, entry);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
index a3f3c3cf6e0b41f36fc6b7b1adaed4d7860c4414..72a9f960b4a5f0b97789276765b78ce60a36b472 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -140,6 +140,9 @@ krb5_error_code
 krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
                          krb5_kvno *);
 
+void
+free_berdata(struct berval **array);
+
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out);
 

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 7deafb1b8e004d98a396e77d5087a8de0d4d75ba..7ba53f959ce492465d5892225e3d1c6a491ee14b 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -429,7 +429,7 @@ asn1_decode_sequence_of_keys(krb5_data *in, ldap_seqof_key_data *out)
  * Free a NULL-terminated struct berval *array[] and all its contents.
  * Does not set array to NULL after freeing it.
  */
-static void
+void
 free_berdata(struct berval **array)
 {
     int i;