#716 Potential memory leaks in ipa-kpasswd SLAPI plugin
Closed: Fixed None Opened 13 years ago by jhrozek.

There are a number of places in the ipa-kpasswd SLAPI plugin where we allocate an error string called result_string but may overwrite it later. Many of these blocks are quite similar, so maybe it would make sense to wrap them in some kind of macro.

First one:

 924        krberr = krb5_mk_priv(context, auth_context, &kdec, &kenc, &replay);
 925        if (krberr) {
 926                result_string = strdup("Failed to encrypt reply message");

Can be overwritten at:

 952                krberr = krb5_mk_error(context, &krb5err, &kenc);
 953                if (krberr) {
 954                        result_string = strdup("Failed to build error message");

or at:

 942                krberr = krb5_timeofday(context, &krb5err.stime);
 943                if (krberr) {
 944                        result_string = strdup("Failed to set time of day");

Another one:

 844        if (!(ticket->enc_part2->flags & TKT_FLG_INITIAL)) {
 845                result_string = strdup("Ticket must be derived from a password");
 846                result_err = KRB5_KPASSWD_AUTHERROR;

Can be overwritten at:

 924        krberr = krb5_mk_priv(context, auth_context, &kdec, &kenc, &replay);
 925        if (krberr) {
 926                result_string = strdup("Failed to encrypt reply message");

or at:

 916        krberr = krb5_auth_con_setaddrs(context, auth_context, &lkaddr, NULL);
 917        if (krberr) {
 918                result_string = strdup("Failed to set local address");
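
The overwrite pattern reported above, next to the macro-style wrapper the report suggests, as an added example that is not ipa-kpasswd code or the project's actual fix. `counted_strdup`, `counted_free`, `SET_RESULT_STRING` and the `FAIL_*` flags are hypothetical names, and the two failure checks are a simplified, constructed model of the flow around lines 926 and 954.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for strdup/free that count live allocations. */
static int live_allocs = 0;

static char *counted_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}

static void counted_free(char *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical macro: release the earlier message before storing a new one. */
#define SET_RESULT_STRING(var, msg) \
    do { counted_free(var); (var) = counted_strdup(msg); } while (0)

/* Constructed flags selecting which of the ticket's calls "fail". */
enum { FAIL_MK_PRIV = 1, FAIL_MK_ERROR = 2 };

/* Ticket's pattern: each error path assigns over the previous pointer. */
int leaked_with_plain_assign(int failures)
{
    char *result_string = NULL;
    live_allocs = 0;
    if (failures & FAIL_MK_PRIV)
        result_string = counted_strdup("Failed to encrypt reply message");
    if (failures & FAIL_MK_ERROR)
        result_string = counted_strdup("Failed to build error message");
    counted_free(result_string);  /* the single cleanup at function exit */
    return live_allocs;           /* strings still allocated, i.e. leaked */
}

/* Same flow, but every assignment goes through the macro. */
int leaked_with_macro(int failures)
{
    char *result_string = NULL;
    live_allocs = 0;
    if (failures & FAIL_MK_PRIV)
        SET_RESULT_STRING(result_string, "Failed to encrypt reply message");
    if (failures & FAIL_MK_ERROR)
        SET_RESULT_STRING(result_string, "Failed to build error message");
    counted_free(result_string);
    return live_allocs;
}
```

The leak only shows up when two error paths are taken in the same call, which is why a single-failure test does not catch it.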

Correct master for this bug is: 63e70d0 (confused with the second memory leak fix)

Metadata Update from @jhrozek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago
