From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 3 Jun 2022 18:38:45 +0000 (-0400)
Subject: Free verto context later in KDC cleanup
X-Git-Tag: krb5-1.21-beta1~64
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8dcace04945723cd6a3c8ea2c1ba467c22eb6584;p=thirdparty%2Fkrb5.git

Free verto context later in KDC cleanup

The KDC supplies the verto context to kdcpreauth modules via the loop
method (added in commit 83b4ecd20e50ad330cd761977d5dadefe30a785b).
This context should remain valid until kdcpreauth modules are
unloaded, as modules might refer to it during cleanup.  In particular,
the OTP module references the verto context when freeing the RADIUS
client object (commit e89abc2d4ea1fea1ec28d470f297514b828e4842), which
can cause a memory error during KDC shutdown without this change.

ticket: 9064 (new)
tags: pullup
target_version: 1.20-next
target_version: 1.19-next
---

diff --git a/src/kdc/main.c b/src/kdc/main.c
index be6e361b86..bfdfef5c48 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1037,7 +1037,6 @@ int main(int argc, char **argv)
     kau_kdc_start(kcontext, TRUE);
 
     verto_run(ctx);
-    loop_free(ctx);
     kau_kdc_stop(kcontext, TRUE);
     krb5_klog_syslog(LOG_INFO, _("shutting down"));
     unload_preauth_plugins(kcontext);
@@ -1051,6 +1050,7 @@ int main(int argc, char **argv)
 #ifndef NOCACHE
     kdc_free_lookaside(kcontext);
 #endif
+    loop_free(ctx);
     krb5_free_context(kcontext);
     return errout;
 }