From: sashan <anedvedicky@gmail.com>
Date: Tue, 20 Feb 2018 21:35:51 +0000 (+0100)
Subject: Fix trivial KDC memory leak with test KDB module
X-Git-Tag: krb5-1.17-beta1~180
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14f03abd6d5dee71d45293c9369b6cfeaf8a1be5;p=thirdparty%2Fkrb5.git

Fix trivial KDC memory leak with test KDB module

If a KDB module zeroes out the master key in its fetch_master_key()
method (as the test KDB module does), krb5_db_fetch_mkey() will copy
it, allocating one byte of memory for the contents.  The KDC will then
leak it on exit, as the length is zero.  Simplify master key
destruction using zapfree().

[ghudson@mit.edu: wrote commit message]
---

diff --git a/src/kdc/main.c b/src/kdc/main.c
index e1ee3a94f1..96281ada3a 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -161,11 +161,7 @@ finish_realm(kdc_realm_t *rdp)
     if (rdp->realm_context) {
         if (rdp->realm_mprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
-        if (rdp->realm_mkey.length && rdp->realm_mkey.contents) {
-            /* XXX shouldn't memset be zap for safety? */
-            memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
-            free(rdp->realm_mkey.contents);
-        }
+        zapfree(rdp->realm_mkey.contents, rdp->realm_mkey.length);
         krb5_db_fini(rdp->realm_context);
         if (rdp->realm_tgsprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);