Fix memory leak in old gssrpc authentication

auth_gssapi_create(), which is now only used to connect to ancient
servers, can leak memory on error or when multiple GSSAPI_INIT calls
are required.  Ensure that call_res is freed along all exit paths and
before each repeat clnt_call() invocation.

ticket: 8434 (new)

diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 64a6b5b791e8fe90731592452032f89784fca293..ace0be925cc6d0e0e720f80750d11215f0489cc0 100644 (file)
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -283,6 +283,7 @@ next_token:
 
          PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
 
+         xdr_free(xdr_authgssapi_init_res, &call_res);
          memset(&call_res, 0, sizeof(call_res));
          callstat = clnt_call(clnt, init_func,
                               xdr_authgssapi_init_arg, &call_arg,
@@ -409,9 +410,6 @@ next_token:
 
               PRINTF(("gssapi_create: isn is %d\n",
                       AUTH_PRIVATE(auth)->seq_num));
-
-              /* we no longer need these results.. */
-              xdr_free(xdr_authgssapi_init_res, &call_res);
          }
      } else if (call_res.signed_isn.length != 0) {
          PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
@@ -438,6 +436,7 @@ next_token:
      /* don't assume the caller will want to change clnt->cl_auth */
      clnt->cl_auth = save_auth;
 
+     xdr_free(xdr_authgssapi_init_res, &call_res);
      return auth;
 
      /******************************************************************/
@@ -459,6 +458,7 @@ cleanup:
      if (rpc_createerr.cf_stat == 0)
          rpc_createerr.cf_stat = RPC_AUTHERROR;
 
+     xdr_free(xdr_authgssapi_init_res, &call_res);
      return auth;
 }