Mercurial > illumos > illumos-gate
changeset 4252:0ecac07f21c9
6543610 Possible memory leak in krb5_acct_mgmt
author | ps57422 |
---|---|
date | Wed, 16 May 2007 08:58:19 -0700 |
parents | fe838d5af480 |
children | 15bf3036ed96 |
files | usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c |
diffstat | 1 files changed, 16 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c Wed May 16 00:34:37 2007 -0700 +++ b/usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c Wed May 16 08:58:19 2007 -0700 @@ -80,13 +80,11 @@ code = krb5_parse_name(context, kprinc, &princ); if (code != 0) { - krb5_free_context(context); return (PAM_SYSTEM_ERR); } if (strlen(password) == 0) { krb5_free_principal(context, princ); - krb5_free_context(context); if (debug) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (acct): fetch_princ_entry: pwlen=0"); @@ -107,7 +105,6 @@ "service name for realm '%s'", admin_realm); krb5_free_principal(context, princ); - krb5_free_context(context); return (PAM_SYSTEM_ERR); } @@ -120,7 +117,6 @@ "PAM-KRB5 (acct): fetch_princ_entry: " "init_with_pw failed: code = %d", code); krb5_free_principal(context, princ); - krb5_free_context(context); return ((code == KADM5_BAD_PASSWORD) ? PAM_AUTH_ERR : PAM_SYSTEM_ERR); } @@ -133,7 +129,6 @@ "princ entry"); (void) kadm5_destroy(server_handle); krb5_free_principal(context, princ); - krb5_free_context(context); return (PAM_SYSTEM_ERR); } @@ -143,14 +138,12 @@ if (code != 0) { (void) kadm5_destroy(server_handle); krb5_free_principal(context, princ); - krb5_free_context(context); return ((code == KADM5_UNK_PRINC) ? PAM_USER_UNKNOWN : PAM_SYSTEM_ERR); } (void) kadm5_destroy(server_handle); krb5_free_principal(context, princ); - krb5_free_context(context); return (PAM_SUCCESS); } @@ -193,16 +186,22 @@ if (!pamh || !user || !password) { err = PAM_SERVICE_ERR; - goto out; + goto exit; } + /* + * If we error out from krb5_init_context, then just set error code, + * check to see about debug message and exit out of routine as the + * context could not possibly have been setup. + */ + if (code = krb5_init_context(&kmd->kcontext)) { err = PAM_SYSTEM_ERR; if (debug) __pam_log(LOG_AUTH | LOG_ERR, "PAM-KRB5 (acct): " "krb5_init_context failed: code=%d", code); - goto out; + goto exit; } if (code = krb5_timeofday(kmd->kcontext, &now)) { err = PAM_SYSTEM_ERR; @@ -274,6 +273,14 @@ err = PAM_SUCCESS; out: + + if (kmd->kcontext) { + krb5_free_context(kmd->kcontext); + kmd->kcontext = NULL; + } + +exit: + if (debug) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (acct): exp_warn end: err = %d", err);