[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: krb5 mechanism OID; Was: Re: FW: memory leak in some KerberosAPIs?

To: Kent_Wu@trendmicro.com
Subject: Re: krb5 mechanism OID; Was: Re: FW: memory leak in some KerberosAPIs?
From: Love <lha@stacken.kth.se>
Date: Fri, 13 Jun 2003 17:54:46 +0200
Cc: <buckh@pobox.com>, <heimdal-discuss@sics.se>
In-Reply-To: <7DE4EF03D8D61B44B927E4A059B2644C3489DC@65-200-113-18.trendmicro.com> (KentWu's message of "Thu, 12 Jun 2003 11:40:12 -0700")
References: <7DE4EF03D8D61B44B927E4A059B2644C3489DC@65-200-113-18.trendmicro.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (berkeley-unix)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Kent_Wu@trendmicro.com writes:

> Thx for the info, yes, once I used GSS_KRB5_MECHANISM then it works. The
> GSS-API comes with both Solaris 8 and MIT package don't define this so I
> overlooked it.

It seems that there is not standard way of getting the kerberos mech oid,
however, its a fixed octet string, so just inlining the byte string into
the program might be just fine.

> I looked at the source code which also utilized gss_init_sec_context() in
> heimdal and I think pretty much I've freed all the resources I should
> have. Did I miss something here due to that GSS_KRB5_MECHANISM issue or
> is this a known issue? One way I can think of to resolve this is to
> replace gss_init_sec_context() with Kerberos API's to do the job, however
> I think it's probably fairly time-consuming and might end up the same
> issue as well if the underlying API's still leak.

For the first problem, can you try this ?

Thanks for reporting the problem.

Love

Index: init_sec_context.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/gssapi/init_sec_context.c,v
retrieving revision 1.38
diff -u -u -w -r1.38 init_sec_context.c
- --- init_sec_context.c	3 Jun 2003 15:22:58 -0000	1.38
+++ init_sec_context.c	13 Jun 2003 15:42:01 -0000
@@ -184,7 +184,7 @@
     OM_uint32 ret = GSS_S_FAILURE;
     krb5_error_code kret;
     krb5_flags ap_options;
- -    krb5_creds this_cred, *cred;
+    krb5_creds this_cred, *cred = NULL;
     krb5_data outbuf;
     krb5_ccache ccache;
     u_int32_t flags;
@@ -437,6 +437,8 @@
  failure:
     krb5_auth_con_free (gssapi_krb5_context,
 			(*context_handle)->auth_context);
+    if(cred)
+	krb5_free_creds(gssapi_krb5_context, cred);
     if((*context_handle)->source)
 	krb5_free_principal (gssapi_krb5_context,
 			     (*context_handle)->source);
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (NetBSD)

iQIVAwUBPunzyxZyDLTSep3UAQJ6iQ/+L3lq1UeBxMJC+0as4H2/cYrthYC/dwSp
bustgu5I8jD0OA/Nz+P7y+87ZePkg7jpltOuZpVMM63fn47n5GQfM8xYeKEqpkT8
5OtTM/CIEgU6xC6lNJusEJXZgWTyvAaYmbS9EfaJbbpDhGjgf3pGngD6ZG4smOiU
LfRvqyuipbf9TRYWKBvQdVUxkBh9JBb5hhPJZrDeV0t93CKNBOgN/bdHFU0zLwv4
zS7ubKhZTHgc1uXmz2BlACOT7Fwh/UUu+RlHFDRMY4zowgWkWXQAs8ZPuxr53ybO
gpppPo8myNN4BrTDon/HFVPGKR0RcssyvQN4KvbSc1D6qCC7bq7hVN+bIZSnVA8c
W3sOzlwUQZshTnVOno89URe3zL59jGpysG2wIbOePh39nX7YUtbxEPd0n6t2ZZWU
YEfr6cAxupH1Zpydt+9IlEKvgMNvwhXRedNzhxWkj6GU7RWgZIlnn+sZ/Y4lfKPU
erGZuhpB5bIyt/5oifG9ZBo1qPKKFT4xge5Q0zdvmRB8O030Dat4EzXKvleUgpiW
rDiUXQ2XIVvXohUSpb17WwhjO0psNcrrX+SR0cARHF65snZK+w7NDlUPM6PkbsqN
fhk6mLH1VlkzhsVCrJyUiSfkx4CAVZQ0yYTbV0/pFsb5zcgJAu7I71IPnFpcjWQt
7ytdAOHxknM=
=hDJG
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: krb5 mechanism OID; Was: Re: FW: memory leak in some Kerberos APIs?
  - From: Buck Huppmann <buckh@pobox.com>

References:
- RE: krb5 mechanism OID; Was: Re: FW: memory leak in some Kerberos APIs?
  - From: Kent_Wu@trendmicro.com

Prev by Date: Re: memory leak in some Kerberos APIs? Was: Re: krb5 mechanism OID
Next by Date: Re: krb5 mechanism OID; Was: Re: FW: memory leak in some Kerberos APIs?
Prev by thread: Re: memory leak in some Kerberos APIs? Was: Re: krb5 mechanism OID
Next by thread: Re: krb5 mechanism OID; Was: Re: FW: memory leak in some Kerberos APIs?
Index(es):
- Date
- Thread