diff options
author | Russ Allbery <eagle@eyrie.org> | 2013-12-26 14:48:14 -0800 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2013-12-26 14:54:43 -0800 |
commit | 9a2c863d11a89dfb914c809d08f15a3ebc702386 (patch) | |
tree | f0c25eb9ab58dedf74f3ccbf8ca69aae57083bbf /client | |
parent | ad0792bfd275b3fffba3c0accd2db70233ff305c (diff) |
Close memory leak in remctl_set_ccache
Fix a client memory leak when remctl_set_ccache is used with a
Kerberos library that supports gss_krb5_import_cred. The credential
was never freed, leaking memory with each remctl client call, and a
Kerberos ticket cache struct could also be leaked in some situations.
Change-Id: I21cf03a289bb23da690a9ea017fe0e504460a0d9
Reviewed-on: https://gerrit.stanford.edu/1349
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'client')
-rw-r--r-- | client/open.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/client/open.c b/client/open.c index b6a70ad..216f2de 100644 --- a/client/open.c +++ b/client/open.c @@ -146,6 +146,8 @@ internal_set_cred(struct remctl *r, gss_cred_id_t *gss_cred) return false; } } + if (r->krb_ccache != NULL) + krb5_cc_close(r->krb_ctx, r->krb_ccache); code = krb5_cc_resolve(r->krb_ctx, r->ccache, &r->krb_ccache); if (code != 0) { internal_krb5_error(r, "opening ticket cache", code); @@ -290,6 +292,8 @@ internal_open(struct remctl *r, const char *host, const char *principal) r->context = gss_context; r->ready = 0; gss_release_name(&minor, &name); + if (gss_cred != GSS_C_NO_CREDENTIAL) + gss_release_cred(&minor, &gss_cred); return true; fail: @@ -297,6 +301,8 @@ fail: r->fd = INVALID_SOCKET; if (name != GSS_C_NO_NAME) gss_release_name(&minor, &name); + if (gss_cred != GSS_C_NO_CREDENTIAL) + gss_release_cred(&minor, &gss_cred); if (gss_context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&minor, &gss_context, GSS_C_NO_BUFFER); return false; |