[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: possible mem leak in gss_release_cred()?

"Zi-Bin Yang" <zbyang@decru.com> writes:

> In gss_release_cred(), krb5_cc_close() is called, but I think that might
> be a source of memory leak.

I think you are correct.

> So why is krb5_cc_close() called, not krb5_cc_destroy()?  Is it correct
> to use krb5_cc_destroy() instead?  Thanks!

Because its only a MCC when the the cc is created from a keytay.

When a user already have a cred cache (is a ticket file) you don't want to
destroy it for them.

I think the patch below is what you want (untested)


--- lib/gssapi/release_cred.c
+++ lib/gssapi/release_cred.c
@@ -52,8 +52,14 @@
         krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
     if ((*cred_handle)->keytab != NULL)
 	krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
-    if ((*cred_handle)->ccache != NULL)
-	krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
+    if ((*cred_handle)->ccache != NULL) {
+	const krb5_cc_ops *ops;
+	ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
+	if (ops == &krb5_mcc_ops)
+	    krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
+	else 
+	    krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
+    }
     gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
     *cred_handle = GSS_C_NO_CREDENTIAL;

PGP signature