From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 27 Jun 2016 04:21:30 +0000 (-0400)
Subject: Fix memory leak in old gssrpc authentication
X-Git-Tag: krb5-1.15-beta1~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fa91a67e55c265a655f4276ae6ee1b310537e24;p=thirdparty%2Fkrb5.git

Fix memory leak in old gssrpc authentication

auth_gssapi_create(), which is now only used to connect to ancient
servers, can leak memory on error or when multiple GSSAPI_INIT calls
are required.  Ensure that call_res is freed along all exit paths and
before each repeat clnt_call() invocation.

ticket: 8434 (new)
---

diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 64a6b5b791..ace0be925c 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -283,6 +283,7 @@ next_token:
 
 	  PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
 
+	  xdr_free(xdr_authgssapi_init_res, &call_res);
 	  memset(&call_res, 0, sizeof(call_res));
 	  callstat = clnt_call(clnt, init_func,
 			       xdr_authgssapi_init_arg, &call_arg,
@@ -409,9 +410,6 @@ next_token:
 
 	       PRINTF(("gssapi_create: isn is %d\n",
 		       AUTH_PRIVATE(auth)->seq_num));
-
-	       /* we no longer need these results.. */
-	       xdr_free(xdr_authgssapi_init_res, &call_res);
 	  }
      } else if (call_res.signed_isn.length != 0) {
 	  PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
@@ -438,6 +436,7 @@ next_token:
      /* don't assume the caller will want to change clnt->cl_auth */
      clnt->cl_auth = save_auth;
 
+     xdr_free(xdr_authgssapi_init_res, &call_res);
      return auth;
 
      /******************************************************************/
@@ -459,6 +458,7 @@ cleanup:
      if (rpc_createerr.cf_stat == 0)
 	  rpc_createerr.cf_stat = RPC_AUTHERROR;
 
+     xdr_free(xdr_authgssapi_init_res, &call_res);
      return auth;
 }