sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00
Code

s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs

Browse Source 
Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.

Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686==    by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Leak 2 :
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686==    by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
This commit is contained in:
Shaleen Bathla 2024-04-10 18:31:39 +05:30 committed by Andreas Schneider
parent 532789b4f3
commit 48493735e2
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source3/winbindd/winbindd_pam.c
View File

@ -3433,12 +3433,17 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
NULL, /* client_principal */
0, /* tgs_authtime */
p_pac_data);
(void)smb_krb5_kt_free_entry(krbctx, &entry);
if (NT_STATUS_IS_OK(status)) {
break;
}
k5ret = smb_krb5_kt_free_entry(krbctx, &entry);
k5ret = krb5_kt_next_entry(krbctx, keytab, &entry, &cursor);
}
if (k5ret != 0 && k5ret != KRB5_KT_END) {
DEBUG(1, ("Failed to get next entry: %s\n",
error_message(k5ret)));
(void)smb_krb5_kt_free_entry(krbctx, &entry);
}
k5ret = krb5_kt_end_seq_get(krbctx, keytab, &cursor);
if (k5ret) {