From: Greg Hudson Date: Wed, 29 Jun 2016 21:13:33 +0000 (-0400) Subject: Fix a variety of one-time leaks X-Git-Tag: krb5-1.15-beta1~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73c9944ae86cf3a89e11d3d3f15dd9b8da7b9cd1;p=thirdparty%2Fkrb5.git Fix a variety of one-time leaks Eliminate some memory leaks which should not affect normal operation, but which make it harder to detect more serious memory leaks. In kdb5_util, start using the already existing quit() function and remove redundant DB and master key cleanup performed by individual commands. In kdb5_destroy(), use util_context instead of creating a new one. Add an mkey_fullname global variable and use it to make a bunch of krb5_db_setup_mkey_name() calls unnecessary. --- diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index c96da88aa2..93fca1f6fb 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -328,6 +328,7 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags, display_status("initializing context", maj_stat, init_sec_min_stat); (void) gss_release_name(&min_stat, &target_name); + (void) gss_release_cred(&min_stat, &cred); if (*gss_context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, gss_context, GSS_C_NO_BUFFER); diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c index 214643b807..f95554903e 100644 --- a/src/clients/kdestroy/kdestroy.c +++ b/src/clients/kdestroy/kdestroy.c @@ -166,6 +166,7 @@ main(argc, argv) krb5_free_string(kcontext, cache_name); } krb5_cccol_cursor_free(kcontext, &cursor); + krb5_free_context(kcontext); return 0; } @@ -200,5 +201,6 @@ main(argc, argv) if (!quiet && !errflg) print_remaining_cc_warning(kcontext); + krb5_free_context(kcontext); return errflg; } diff --git a/src/clients/kinit/extern.h b/src/clients/kinit/extern.h index 28682a1126..2c28623180 100644 --- a/src/clients/kinit/extern.h +++ b/src/clients/kinit/extern.h 
@@ -28,5 +28,6 @@ #define KINIT_EXTERN_H krb5_error_code kinit_kdb_init(krb5_context *pcontext, char *realm); +void kinit_kdb_fini(void); #endif /* KINIT_EXTERN_H */ diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index ce5aa4bb8c..f1cd1b73db 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -896,6 +896,9 @@ k5_kinit(opts, k5) } cleanup: +#ifndef _WIN32 + kinit_kdb_fini(); +#endif if (options) krb5_get_init_creds_opt_free(k5->ctx, options); if (my_creds.client == k5->me) { diff --git a/src/clients/kinit/kinit_kdb.c b/src/clients/kinit/kinit_kdb.c index 8e949f9782..0b8af10bd3 100644 --- a/src/clients/kinit/kinit_kdb.c +++ b/src/clients/kinit/kinit_kdb.c @@ -69,3 +69,9 @@ kinit_kdb_init(krb5_context *pcontext, char *realm) retval = krb5_kt_register(*pcontext, &krb5_kt_kdb_ops); return retval; } + +void +kinit_kdb_fini() +{ + kadm5_destroy(server_handle); +} diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index f8183dd10e..ba19788a25 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -341,6 +341,7 @@ void do_keytab(name) } printf("\n"); krb5_free_unparsed_name(kcontext, pname); + krb5_free_keytab_entry_contents(kcontext, &entry); } if (code && code != KRB5_KT_END) { com_err(progname, code, _("while scanning keytab")); @@ -505,6 +506,8 @@ show_ccache(krb5_ccache cache) krb5_free_cred_contents(kcontext, &creds); } krb5_free_principal(kcontext, princ); + krb5_free_unparsed_name(kcontext, defname); + defname = NULL; if (code == KRB5_CC_END) { if ((code = krb5_cc_end_seq_get(kcontext, cache, &cur))) { com_err(progname, code, _("while finishing ticket retrieval")); diff --git a/src/clients/kswitch/kswitch.c b/src/clients/kswitch/kswitch.c index 6ad470b099..f26ecea032 100644 --- a/src/clients/kswitch/kswitch.c +++ b/src/clients/kswitch/kswitch.c 
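Review bot: kinit_kdb_fini() in kinit_kdb.c leaves `server_handle` pointing at the destroyed handle, and the new call under `cleanup:` in k5_kinit() runs on every exit path, possibly including ones where kinit_kdb_init() was never called. Whether kadm5_destroy() tolerates a null or already-destroyed handle is not visible here, and the declaration of `server_handle` is outside the hunk. Making the function idempotent removes the question: `if (server_handle != NULL) { kadm5_destroy(server_handle); server_handle = NULL; }`. The definition should also be written `kinit_kdb_fini(void)` to match the prototype added to extern.h, since an empty parameter list in a C definition is not a prototype.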
@@ -117,6 +117,7 @@ main(int argc, char **argv) princ_name); exit(1); } + krb5_free_principal(context, princ); } ret = krb5_cc_switch(context, cache); @@ -124,5 +125,8 @@ main(int argc, char **argv) com_err(progname, ret, _("while switching to credential cache")); exit(1); } + + krb5_cc_close(context, cache); + krb5_free_context(context); return 0; } diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 45741c70d1..c53c677a82 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -585,6 +585,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out) if (freeprinc) free(princstr); + free(params.keysalts); free(db_name); free(db_args); diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c index b6edb7571c..b0c8378b40 100644 --- a/src/kadmin/cli/keytab.c +++ b/src/kadmin/cli/keytab.c @@ -361,7 +361,7 @@ static void remove_principal(char *keytab_str, krb5_keytab keytab, char *princ_str, char *kvno_str) { - krb5_principal princ; + krb5_principal princ = NULL; krb5_keytab_entry entry; krb5_kt_cursor cursor; enum { UNDEF, SPEC, HIGH, ALL, OLD } mode; @@ -371,7 +371,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab, code = krb5_parse_name(context, princ_str, &princ); if (code != 0) { com_err(whoami, code, _("while parsing principal name %s"), princ_str); - return; + goto cleanup; } mode = UNDEF; @@ -409,7 +409,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab, com_err(whoami, code, _("while retrieving highest kvno from keytab")); } - return; + goto cleanup; } /* set kvno to spec'ed value for SPEC, highest kvno otherwise */ @@ -420,7 +420,7 @@ remove_principal(char *keytab_str, krb5_keytab keytab, code = krb5_kt_start_seq_get(context, keytab, &cursor); if (code != 0) { com_err(whoami, code, _("while starting keytab scan")); - return; + goto cleanup; } did_something = 0; 
@@ -441,17 +441,17 @@ remove_principal(char *keytab_str, krb5_keytab keytab, if (code != 0) { com_err(whoami, code, _("while temporarily ending keytab scan")); - return; + goto cleanup; } code = krb5_kt_remove_entry(context, keytab, &entry); if (code != 0) { com_err(whoami, code, _("while deleting entry from keytab")); - return; + goto cleanup; } code = krb5_kt_start_seq_get(context, keytab, &cursor); if (code != 0) { com_err(whoami, code, _("while restarting keytab scan")); - return; + goto cleanup; } did_something++; @@ -464,12 +464,12 @@ remove_principal(char *keytab_str, krb5_keytab keytab, } if (code && code != KRB5_KT_END) { com_err(whoami, code, _("while scanning keytab")); - return; + goto cleanup; } code = krb5_kt_end_seq_get(context, keytab, &cursor); if (code) { com_err(whoami, code, _("while ending keytab scan")); - return; + goto cleanup; } /* @@ -481,6 +481,9 @@ remove_principal(char *keytab_str, krb5_keytab keytab, fprintf(stderr, _("%s: There is only one entry for principal %s in " "keytab %s\n"), whoami, princ_str, keytab_str); } + +cleanup: + krb5_free_principal(context, princ); } /* diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 90fa87f940..412763874a 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -204,8 +204,10 @@ prep_ok_file(krb5_context context, char *file_name, int *fd) retval = krb5_lock_file(context, *fd, KRB5_LOCKMODE_EXCLUSIVE); if (retval) { com_err(progname, retval, _("while locking 'ok' file, '%s'"), file_ok); + free(file_ok); return 0; } + free(file_ok); return 1; } @@ -535,6 +537,7 @@ dump_ov_princ(krb5_context context, krb5_db_entry *entry, const char *name, fputc('\n', fp); free(princstr); + xdr_free(xdr_osa_princ_ent_rec, &adb); return 0; } diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index 9bfe2016eb..8173b091ad 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c 
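Review bot: In remove_principal() (kadmin/cli/keytab.c), the three `goto cleanup` exits inside the scan loop jump out while `entry` still holds the record fetched for that iteration, and the new `cleanup:` label releases only `princ`. These are the failures of krb5_kt_end_seq_get, krb5_kt_remove_entry and the restarting krb5_kt_start_seq_get. A keytab entry carries key bytes, so those exits should release it too, for example `krb5_free_keytab_entry_contents(context, &entry);` before each jump, which is the call this commit adds for the same purpose in klist.c. The end of the loop body is outside the hunk, so confirm where the entry is released on the normal path.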
@@ -114,6 +114,7 @@ static krb5_error_code add_principal extern krb5_keyblock master_keyblock; extern krb5_principal master_princ; +extern char *mkey_fullname; krb5_data master_salt; krb5_data tgt_princ_entries[] = { @@ -155,7 +156,6 @@ void kdb5_create(argc, argv) int optchar; krb5_error_code retval; - char *mkey_fullname; char *pw_str = 0; unsigned int pw_size = 0; int do_stash = 0; @@ -316,7 +316,6 @@ void kdb5_create(argc, argv) if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) || (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) { - (void) krb5_db_fini(util_context); com_err(progname, retval, _("while adding entries to the database")); exit_status++; return; } @@ -349,9 +348,6 @@ void kdb5_create(argc, argv) printf(_("Warning: couldn't stash master key.\n")); } /* clean up */ - (void) krb5_db_fini(util_context); - memset(master_keyblock.contents, 0, master_keyblock.length); - free(master_keyblock.contents); if (pw_str) { memset(pw_str, 0, pw_size); free(pw_str); diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c index e5895523b6..fffce74296 100644 --- a/src/kadmin/dbutil/kdb5_destroy.c +++ b/src/kadmin/dbutil/kdb5_destroy.c @@ -48,22 +48,8 @@ kdb5_destroy(argc, argv) char *dbname; char buf[5]; krb5_error_code retval1; - krb5_context context; int force = 0; - retval1 = kadm5_init_krb5_context(&context); - if( retval1 ) - { - com_err(progname, retval1, _("while initializing krb5_context")); - exit(1); - } - - if ((retval1 = krb5_set_default_realm(context, - util_context->default_realm))) { - com_err(progname, retval1, _("while setting default realm name")); - exit(1); - } - dbname = global_params.dbname; optind = 1; 
@@ -92,7 +78,7 @@ kdb5_destroy(argc, argv) printf(_("OK, deleting database '%s'...\n"), dbname); } - retval1 = krb5_db_destroy(context, db5util_db_args); + retval1 = krb5_db_destroy(util_context, db5util_db_args); if (retval1) { com_err(progname, retval1, _("deleting database '%s'"), dbname); exit_status++; return; diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index 0449732702..7df8cbc83f 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -32,6 +32,7 @@ extern krb5_keyblock master_keyblock; /* current mkey */ extern krb5_kvno master_kvno; extern krb5_principal master_princ; extern krb5_data master_salt; +extern char *mkey_fullname; extern char *mkey_password; extern char *progname; extern int exit_status; @@ -91,6 +92,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, * krb5_key_data key_data_contents is a pointer to this key. Using some * logic from master_key_convert(). */ + for (i = 0; i < master_entry->n_key_data; i++) + krb5_free_key_data_contents(context, &master_entry->key_data[i]); + free(master_entry->key_data); master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * (old_key_data_count + 1)); if (master_entry->key_data == NULL) @@ -190,7 +194,6 @@ kdb5_add_mkey(int argc, char *argv[]) { int optchar; krb5_error_code retval; - char *mkey_fullname; char *pw_str = 0; unsigned int pw_size = 0; int do_stash = 0; @@ -199,7 +202,7 @@ kdb5_add_mkey(int argc, char *argv[]) krb5_keyblock new_mkeyblock; krb5_enctype new_master_enctype = ENCTYPE_UNKNOWN; char *new_mkey_password; - krb5_db_entry *master_entry; + krb5_db_entry *master_entry = NULL; krb5_timestamp now; /* @@ -208,7 +211,6 @@ kdb5_add_mkey(int argc, char *argv[]) */ memset(&new_mkeyblock, 0, sizeof(new_mkeyblock)); - memset(&master_princ, 0, sizeof(master_princ)); master_salt.data = NULL; while ((optchar = getopt(argc, argv, "e:s")) != -1) { 
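Review bot: In add_new_mkey() (kdb5_mkey.c) the old `key_data` array is freed before its replacement is allocated, so if the `malloc()` on the next line fails the entry is left with `key_data == NULL` while `n_key_data` still holds the old count. This commit also makes the callers pass `master_entry` to krb5_db_free_principal() in their cleanup, so the entry should stay self-consistent on that path. Adding `master_entry->n_key_data = 0;` directly after `free(master_entry->key_data);` would do that, provided nothing later in the function still reads the old count from the entry; the allocation size already uses `old_key_data_count`. The rest of the function, including what happens after the NULL check, is outside the hunk.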
@@ -234,16 +236,6 @@ kdb5_add_mkey(int argc, char *argv[]) if (new_master_enctype == ENCTYPE_UNKNOWN) new_master_enctype = global_params.enctype; - /* assemble & parse the master key name */ - if ((retval = krb5_db_setup_mkey_name(util_context, - global_params.mkey_name, - global_params.realm, - &mkey_fullname, &master_princ))) { - com_err(progname, retval, _("while setting up master key name")); - exit_status++; - return; - } - retval = krb5_db_get_principal(util_context, master_princ, 0, &master_entry); if (retval != 0) { @@ -321,7 +313,6 @@ kdb5_add_mkey(int argc, char *argv[]) } if ((retval = krb5_db_put_principal(util_context, master_entry))) { - (void) krb5_db_fini(util_context); com_err(progname, retval, _("while adding master key entry to the " "database")); exit_status++; @@ -343,9 +334,7 @@ kdb5_add_mkey(int argc, char *argv[]) cleanup_return: /* clean up */ - (void) krb5_db_fini(util_context); - zap((char *)master_keyblock.contents, master_keyblock.length); - free(master_keyblock.contents); + krb5_db_free_principal(util_context, master_entry); zap((char *)new_mkeyblock.contents, new_mkeyblock.length); free(new_mkeyblock.contents); if (pw_str) { @@ -353,7 +342,6 @@ cleanup_return: free(pw_str); } free(master_salt.data); - krb5_free_unparsed_name(util_context, mkey_fullname); return; } @@ -361,18 +349,15 @@ void kdb5_use_mkey(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname = NULL; krb5_kvno use_kvno; krb5_timestamp now, start_time; krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL, *prev_actkvno, *cur_actkvno; - krb5_db_entry *master_entry; + krb5_db_entry *master_entry = NULL; krb5_keylist_node *keylist_node; krb5_boolean inserted = FALSE; krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context); - memset(&master_princ, 0, sizeof(master_princ)); - if (argc < 2 || argc > 3) { /* usage calls exit */ usage(); 
@@ -427,16 +412,6 @@ kdb5_use_mkey(int argc, char *argv[]) * 5. put mkey princ. */ - /* assemble & parse the master key name */ - if ((retval = krb5_db_setup_mkey_name(util_context, - global_params.mkey_name, - global_params.realm, - &mkey_fullname, &master_princ))) { - com_err(progname, retval, _("while setting up master key name")); - exit_status++; - goto cleanup_return; - } - retval = krb5_db_get_principal(util_context, master_princ, 0, &master_entry); if (retval != 0) { @@ -548,7 +523,6 @@ kdb5_use_mkey(int argc, char *argv[]) } if ((retval = krb5_db_put_principal(util_context, master_entry))) { - (void) krb5_db_fini(util_context); com_err(progname, retval, _("while adding master key entry to the database")); exit_status++; @@ -557,9 +531,7 @@ kdb5_use_mkey(int argc, char *argv[]) cleanup_return: /* clean up */ - (void) krb5_db_fini(util_context); - krb5_free_unparsed_name(util_context, mkey_fullname); - krb5_free_principal(util_context, master_princ); + krb5_db_free_principal(util_context, master_entry); krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -568,11 +540,11 @@ void kdb5_list_mkeys(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname = NULL, *output_str = NULL, enctype[BUFSIZ]; + char *output_str = NULL, enctype[BUFSIZ]; krb5_kvno act_kvno; krb5_timestamp act_time; krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno; - krb5_db_entry *master_entry; + krb5_db_entry *master_entry = NULL; krb5_keylist_node *cur_kb_node; krb5_keyblock *act_mkey; krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context); 
@@ -583,16 +555,6 @@ kdb5_list_mkeys(int argc, char *argv[]) return; } - /* assemble & parse the master key name */ - if ((retval = krb5_db_setup_mkey_name(util_context, - global_params.mkey_name, - global_params.realm, - &mkey_fullname, &master_princ))) { - com_err(progname, retval, _("while setting up master key name")); - exit_status++; - return; - } - retval = krb5_db_get_principal(util_context, master_princ, 0, &master_entry); if (retval != 0) { @@ -667,10 +629,8 @@ kdb5_list_mkeys(int argc, char *argv[]) cleanup_return: /* clean up */ - (void) krb5_db_fini(util_context); - krb5_free_unparsed_name(util_context, mkey_fullname); + krb5_db_free_principal(util_context, master_entry); free(output_str); - krb5_free_principal(util_context, master_princ); krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -904,8 +864,7 @@ kdb5_update_princ_encryption(int argc, char *argv[]) int optchar; krb5_error_code retval; krb5_actkvno_node *actkvno_list = 0; - krb5_db_entry *master_entry; - char *mkey_fullname = 0; + krb5_db_entry *master_entry = NULL; #ifdef BSD_REGEXPS char *msg; #endif @@ -937,15 +896,8 @@ kdb5_update_princ_encryption(int argc, char *argv[]) usage(); } - retval = krb5_unparse_name(util_context, master_princ, &mkey_fullname); - if (retval) { - com_err(progname, retval, _("while formatting master principal name")); - exit_status++; - goto cleanup; - } - if (master_keylist == NULL) { - com_err(progname, retval, _("master keylist not initialized")); + com_err(progname, 0, _("master keylist not initialized")); exit_status++; goto cleanup; } @@ -1037,7 +989,6 @@ kdb5_update_princ_encryption(int argc, char *argv[]) com_err(progname, retval, _("trying to process principal database")); exit_status++; } - (void) krb5_db_fini(util_context); if (data.dry_run) { printf(_("%u principals processed: %u would be updated, %u already " "current\n"), 
@@ -1048,9 +999,12 @@ kdb5_update_princ_encryption(int argc, char *argv[]) } cleanup: + krb5_db_free_principal(util_context, master_entry); free(regexp); +#ifdef POSIX_REGEXPS + regfree(&data.preg); +#endif memset(&new_master_keyblock, 0, sizeof(new_master_keyblock)); - krb5_free_unparsed_name(util_context, mkey_fullname); krb5_dbe_free_actkvno_list(util_context, actkvno_list); } @@ -1095,9 +1049,8 @@ kdb5_purge_mkeys(int argc, char *argv[]) { int optchar; krb5_error_code retval; - char *mkey_fullname = NULL; krb5_timestamp now; - krb5_db_entry *master_entry; + krb5_db_entry *master_entry = NULL; krb5_boolean force = FALSE, dry_run = FALSE, verbose = FALSE; struct purge_args args; char buf[5]; @@ -1118,7 +1071,6 @@ kdb5_purge_mkeys(int argc, char *argv[]) return; } - memset(&master_princ, 0, sizeof(master_princ)); memset(&args, 0, sizeof(args)); optind = 1; @@ -1141,16 +1093,6 @@ kdb5_purge_mkeys(int argc, char *argv[]) } } - /* assemble & parse the master key name */ - if ((retval = krb5_db_setup_mkey_name(util_context, - global_params.mkey_name, - global_params.realm, - &mkey_fullname, &master_princ))) { - com_err(progname, retval, _("while setting up master key name")); - exit_status++; - return; - } - retval = krb5_db_get_principal(util_context, master_princ, 0, &master_entry); if (retval != 0) { @@ -1282,6 +1224,7 @@ kdb5_purge_mkeys(int argc, char *argv[]) if (args.kvnos[j].kvno == (krb5_kvno) old_key_data[i].key_data_kvno) { if (args.kvnos[j].use_count != 0) { master_entry->key_data[k++] = old_key_data[i]; + memset(&old_key_data[i], 0, sizeof(old_key_data[i])); break; } else { /* remove unused mkey */ 
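Review bot: The `regfree(&data.preg)` added under `cleanup:` in kdb5_update_princ_encryption() runs on every path into the label, including the `goto cleanup` for "master keylist not initialized" shown in the earlier hunk of this function. If regcomp() has not yet been called on `data.preg` at that point, or returned an error, POSIX leaves the result of regfree() on that object undefined. The regcomp() call is outside the visible hunks, so this needs checking against the full function. A new local flag set after a successful regcomp() and tested here, e.g. `if (preg_compiled) regfree(&data.preg);`, would make the cleanup safe regardless of where the jump comes from.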
@@ -1336,6 +1279,11 @@ kdb5_purge_mkeys(int argc, char *argv[]) } assert(k == num_kvnos_inuse); + /* Free any key data entries we did not consume in the loop above. */ + for (i = 0; i < old_key_data_count; i++) + krb5_dbe_free_key_data_contents(util_context, &old_key_data[i]); + free(old_key_data); + if ((retval = krb5_dbe_update_actkvno(util_context, master_entry, actkvno_list))) { com_err(progname, retval, @@ -1369,7 +1317,6 @@ kdb5_purge_mkeys(int argc, char *argv[]) master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA; if ((retval = krb5_db_put_principal(util_context, master_entry))) { - (void) krb5_db_fini(util_context); com_err(progname, retval, _("while adding master key entry to the database")); exit_status++; @@ -1378,11 +1325,8 @@ kdb5_purge_mkeys(int argc, char *argv[]) printf(_("%d key(s) purged.\n"), num_kvnos_purged); cleanup_return: - /* clean up */ - (void) krb5_db_fini(util_context); - krb5_free_principal(util_context, master_princ); + krb5_db_free_principal(util_context, master_entry); free(args.kvnos); - krb5_free_unparsed_name(util_context, mkey_fullname); krb5_dbe_free_actkvno_list(util_context, actkvno_list); krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_list); return; diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 97a349a824..000b5595c9 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -108,6 +108,7 @@ void usage() krb5_keyblock master_keyblock; krb5_kvno master_kvno; /* fetched */ extern krb5_principal master_princ; +char *mkey_fullname; krb5_db_entry *master_entry = NULL; int valid_master_key = 0; @@ -309,7 +310,7 @@ int main(argc, argv) com_err(progname, retval, _("while getting default realm")); exit(1); } - util_context->default_realm = temp; + krb5_free_default_realm(util_context, temp); } retval = kadm5_get_config_params(util_context, 1, 
@@ -350,8 +351,10 @@ int main(argc, argv) if( db5util_db_args ) free(db5util_db_args); + quit(); kadm5_free_config_params(util_context, &global_params); krb5_free_context(util_context); + free(cmd_argv); return exit_status; } @@ -384,6 +387,7 @@ void set_dbname(argc, argv) valid_master_key = 0; } krb5_free_principal(util_context, master_princ); + free(mkey_fullname); dbactive = FALSE; } @@ -421,7 +425,7 @@ static int open_db_and_mkey() if ((retval = krb5_db_setup_mkey_name(util_context, global_params.mkey_name, global_params.realm, - 0, &master_princ))) { + &mkey_fullname, &master_princ))) { com_err(progname, retval, _("while setting up master key name")); exit_status++; return(1); @@ -530,8 +534,10 @@ quit() if (finished) return 0; + ulog_fini(util_context); retval = krb5_db_fini(util_context); - memset(master_keyblock.contents, 0, master_keyblock.length); + zapfree(master_keyblock.contents, master_keyblock.length); + krb5_free_principal(util_context, master_princ); finished = TRUE; if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, _("while closing database")); diff --git a/src/kadmin/dbutil/tabdump.c b/src/kadmin/dbutil/tabdump.c index 4f9eb9d83b..69a3482ec9 100644 --- a/src/kadmin/dbutil/tabdump.c +++ b/src/kadmin/dbutil/tabdump.c @@ -370,8 +370,10 @@ princ_flags(struct rec_args *args, const char *name, krb5_db_entry *dbe) return ret; /* Don't print unknown flags if they're not set and numeric output * isn't requested. */ - if (!(flags & (1UL << i)) && strncmp(s, "0x", 2) == 0) + if (!(flags & (1UL << i)) && strncmp(s, "0x", 2) == 0) { + free(s); continue; + } } ret = princflag_rec(h, name, s, ((flags & (1UL << i)) != 0)); free(s); diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index ec771eedec..b3ae4ff5c4 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c 
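Review bot: set_dbname() in kdb5_util.c now frees `master_princ` and `mkey_fullname` but leaves both globals pointing at the freed memory, and the quit() hunk further down adds another `krb5_free_principal(util_context, master_princ)`. If the database is not reopened successfully in between (that code is outside the hunk), quit() would free the principal a second time. Clear them where they are released: `master_princ = NULL; mkey_fullname = NULL;`. The same clearing is worth adding after the `krb5_free_principal(util_context, master_princ)` appended to the end of kdb5_ldap_create() in kdb5_ldap_realm.c. Separately, quit() releases the principal but not `mkey_fullname`, so the string set in open_db_and_mkey() is only ever freed through set_dbname().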
@@ -354,6 +354,7 @@ kadm5_ret_t kadm5_destroy(void *server_handle) destroy_pwqual(handle); k5_kadm5_hook_free_handles(handle->context, handle->hook_handles); + ulog_fini(handle->context); krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); kadm5_free_config_params(handle->context, &handle->params); diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index b9664f4ce5..612553ba3e 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -41,11 +41,14 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, realm = r; } + krb5_free_principal(handle->context, master_princ); + master_princ = NULL; if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) goto done; + krb5_free_keyblock_contents(handle->context, &master_keyblock); master_keyblock.enctype = handle->params.enctype; /* diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 713b39d5c3..a3139a7dce 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -1728,6 +1728,7 @@ krb5_error_code krb5_dbe_update_mkey_aux(krb5_context context, krb5_db_entry *entry, krb5_mkey_aux_node *mkey_aux_data_list) { + krb5_error_code status; krb5_tl_data tl_data; krb5_int16 version, tmp_kvno; unsigned char *nextloc; @@ -1792,7 +1793,9 @@ krb5_dbe_update_mkey_aux(krb5_context context, krb5_db_entry *entry, } } - return (krb5_dbe_update_tl_data(context, entry, &tl_data)); + status = krb5_dbe_update_tl_data(context, entry, &tl_data); + free(tl_data.tl_data_contents); + return status; } #endif /* KRB5_TL_MKEY_AUX_VER == 1 */ diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index e95791f508..5a745e21d9 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 
@@ -466,6 +466,7 @@ kdb5_ldap_create(int argc, char *argv[]) global_params.realm); goto err_nomsg; } + free(rparams->containerref); rparams->containerref = strdup(argv[i]); if (rparams->containerref == NULL) { retval = ENOMEM; @@ -592,6 +593,7 @@ kdb5_ldap_create(int argc, char *argv[]) global_params.realm); goto err_nomsg; } + free(ldap_context->lrparams->realm_name); ldap_context->lrparams->realm_name = strdup(global_params.realm); if (ldap_context->lrparams->realm_name == NULL) { retval = ENOMEM; @@ -699,7 +701,8 @@ cleanup: exit_status++; } - return; + krb5_free_keyblock_contents(util_context, &master_keyblock); + krb5_free_principal(util_context, master_princ); } @@ -749,7 +752,9 @@ kdb5_ldap_modify(int argc, char *argv[]) if (rparams->subtree) { for (k=0; ksubtreecount && rparams->subtree[k]; k++) free(rparams->subtree[k]); + free(rparams->subtree); rparams->subtreecount=0; + rparams->subtree = NULL; } } if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) { @@ -787,6 +792,7 @@ kdb5_ldap_modify(int argc, char *argv[]) global_params.realm); goto err_nomsg; } + free(rparams->containerref); rparams->containerref = strdup(argv[i]); if (rparams->containerref == NULL) { retval = ENOMEM; diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c index 8d6f3752d8..818ff62b6b 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c @@ -392,8 +392,8 @@ main(int argc, char *argv[]) exit_status++; goto cleanup; } - } else - util_context->default_realm = temp; + } + krb5_free_default_realm(util_context, temp); } /* If we have the realm name, we can safely say that * realm_name is required so that we don't neglect any information. @@ -585,7 +585,7 @@ cleanup: if (util_context) { if (gp_is_static == 0) kadm5_free_config_params(util_context, &global_params); - krb5_ldap_close(util_context); + krb5_db_fini(util_context); krb5_free_context(util_context); } 
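Review bot: In main() of kdb5_ldap_util.c, `krb5_free_default_realm(util_context, temp)` now runs on both outcomes of the default-realm lookup, including the branch where the lookup failed but the realm name is not required. On that branch `temp` holds whatever it held before the call, so the free is safe only if its declaration (outside the hunk) initialises it to NULL or the lookup always stores to it on failure. If neither is guaranteed, initialise it at the declaration: `char *temp = NULL;`.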
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 06062780dd..28dffe0c26 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -881,6 +881,9 @@ krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams) free(rparams->subtree); } + if (rparams->containerref) + free(rparams->containerref); + if (rparams->kdcservers) { for (i=0; rparams->kdcservers[i]; ++i) free(rparams->kdcservers[i]); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c index 85e56fe361..f5c6ab8cd3 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c @@ -35,6 +35,16 @@ /* Ticket policy object management */ +static void +free_list(char **list) +{ + int i; + + for (i = 0; list != NULL && list[i] != NULL; i++) + free(list[i]); + free(list); +} + /* * create the Ticket policy object in Directory. */ @@ -263,6 +273,7 @@ cleanup: krb5_ldap_free_policy(context, lpolicy); *policy = NULL; } + free(policy_dn); ldap_msgfree(result); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return st; @@ -377,6 +388,7 @@ krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy) } cleanup: + free_list(list); return st; } @@ -477,12 +489,8 @@ cleanup: /* some error, free up all the memory */ if (st != 0) { - if (*list) { - for (i=0; (*list)[i]; ++i) - free ((*list)[i]); - free (*list); - *list = NULL; - } + free_list(*list); + *list = NULL; } ldap_msgfree(result); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 955db50e87..e80ecab140 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c 
@@ -242,13 +242,6 @@ get_tickets(krb5_context context) exit(1); } - /* Fill in the client. */ - retval = krb5_copy_principal(context, my_principal, &creds.client); - if (retval) { - com_err(progname, retval, _("while copying client principal")); - exit(1); - } - if (srvtab != NULL) { retval = krb5_kt_resolve(context, srvtab, &keytab); if (retval) { @@ -598,6 +591,7 @@ xmit_database(krb5_context context, krb5_auth_context auth_context, send_size, database_size); exit(1); } + free(inbuf.data); free(outbuf.data); } diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index 1b60126644..ef64222986 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -1000,6 +1000,8 @@ done: free(master_svc_princstr); krb5_free_default_realm(kpropd_context, def_realm); kadm5_destroy(server_handle); + krb5_db_fini(kpropd_context); + ulog_fini(kpropd_context); krb5_free_context(kpropd_context); return (runonce == 1) ? 0 : 1; diff --git a/src/slave/kproplog.c b/src/slave/kproplog.c index 857ef03da8..4f19eeb8c1 100644 --- a/src/slave/kproplog.c +++ b/src/slave/kproplog.c @@ -561,5 +561,7 @@ main(int argc, char **argv) printf("\n"); + kadm5_free_config_params(context, ¶ms); + krb5_free_context(context); return 0; }
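Review bot: The two calls added to the `done:` block in kpropd.c close the database before the update log (`krb5_db_fini` then `ulog_fini`), which is the reverse of the other teardown sites in this commit. Both quit() in kdb5_util.c and kadm5_destroy() in server_init.c call `ulog_fini` first. Unless kpropd needs the reverse order, use the same sequence here, `ulog_fini(kpropd_context); krb5_db_fini(kpropd_context);`, so the teardown order is uniform and any dependency between the two is honoured in one way only.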