#714 Potential memory leaks in ipa-getkeytab
Closed: Fixed None Opened 13 years ago by jhrozek.

There are two potential memory leaks in ipa-getkeytab. First one:
{{{
536 / cant' return more than nkeys, sometimes less /
Calling allocation function "calloc".
Assigning: "encs" = storage returned from "calloc(keys->nkeys + 1, sizeof (ber_int_t) /4/)".
537 encs = calloc(keys->nkeys + 1, sizeof(ber_int_t));

later on:

 693
Variable "encs" is not freed or pointed-to in function "filter_keys". [show details]
 694        ret = filter_keys(krbctx, keys, encs);
At conditional (26): "ret == 0" taking the false branch.
 695        if (ret == 0) goto error_out;
 696
At conditional (27): "err" taking the true branch.
 697        if (err) ldap_memfree(err);
 698        ber_free(sctrl, 1);
 699        ldap_controls_free(srvctrl);
 700        ldap_msgfree(res);
 701        ldap_unbind_ext(ld, NULL, NULL);
Variable "encs" going out of scope leaks the storage it points to.
 702        return kvno;

The second one:

 148
Calling allocation function "calloc".
Assigning: "ksdata" = storage returned from "calloc(n + 1, sizeof (struct krb_key_salt) /*48*/)".
 149        ksdata = calloc(n + 1, sizeof(struct krb_key_salt));

later on:

 234            krberr = krb5_c_enctype_compare(krbctx,
 235                                            ksdata[j].enctype,
 236                                            ksdata[i].enctype,
 237                                            &similar);
At conditional (10): "krberr" taking the true branch.
 238            if (krberr) {
 239                free_keys_contents(krbctx, keys);
 240                fprintf(stderr, _("Enctype comparison failed!\n"));
Variable "ksdata" going out of scope leaks the storage it points to.
 241                return 0;
 242            }

Metadata Update from @jhrozek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago

Login to comment on this ticket.

Metadata