[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: leak at gssapi step function
|
From: |
Simon Josefsson |
|
Subject: |
Re: leak at gssapi step function |
|
Date: |
Fri, 02 Aug 2019 13:20:55 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Goktan Kantarcioglu <address@hidden> writes:
> Hello,
>
> I believe there is a 44 byte leak in gssapi server.c after the
> authentication gets successful. See following patch for details;
Hi Goktan! Thanks for your report. I have added your patch now, and it
will be part of the upcoming 1.8.1 release. Sorry for the delay!
/Simon
> diff -ru ../libgsasl-1.8.0/gssapi/server.c libgsasl-1.8.0/gssapi/server.c
> --- ../libgsasl-1.8.0/gssapi/server.c 2012-05-16 01:35:28.000000000 +0300
> +++ libgsasl-1.8.0/gssapi/server.c 2016-06-24 13:58:45.401620729 +0300
> @@ -251,6 +251,10 @@
> gsasl_property_set_raw (sctx, GSASL_GSSAPI_DISPLAY_NAME,
> client_name.value, client_name.length);
>
> + maj_stat = gss_release_buffer (&min_stat, &client_name);
> + if (GSS_ERROR (maj_stat))
> + return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
> +
> maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
> if (GSS_ERROR (maj_stat))
> return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
>
>
>
> and the valgrind output before the patch applied.
>
> ==26465== 44 bytes in 1 blocks are definitely lost in loss record 17 of 30
> ==26465== at 0x4C2BBA0: malloc (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26465== by 0x4ECB88D: gssalloc_malloc (gssapi_alloc.h:99)
> ==26465== by 0x4ECB8BB: gssalloc_strdup (gssapi_alloc.h:120)
> ==26465== by 0x4ECB932: gssint_g_make_string_buffer (util_buffer.c:42)
> ==26465== by 0x4F0471F: krb5_gss_display_name (disp_name.c:66)
> ==26465== by 0x4ECE151: gssint_display_internal_name (g_glue.c:542)
> ==26465== by 0x4ECD37B: gss_display_name (g_dsp_name.c:98)
> ==26465== by 0x4EC3AFF: _gsasl_gssapi_server_step (in
> /home/I326170/workspace/hanalite-auth/build/Debug/libv2auth.so)
> ==26465== by 0x4EBC4BA: gsasl_step64 (in
> /home/I326170/workspace/hanalite-auth/build/Debug/libv2auth.so)
> _______________________________________________
> Help-gsasl mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-gsasl
>
signature.asc
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: leak at gssapi step function,
Simon Josefsson <=