Mercurial > illumos > illumos-gate

changeset 4252:0ecac07f21c9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6543610 Possible memory leak in krb5_acct_mgmt
author ps57422
date Wed, 16 May 2007 08:58:19 -0700
parents fe838d5af480
children 15bf3036ed96
files usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c
diffstat 1 files changed, 16 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c	Wed May 16 00:34:37 2007 -0700
+++ b/usr/src/lib/pam_modules/krb5/krb5_acct_mgmt.c	Wed May 16 08:58:19 2007 -0700
@@ -80,13 +80,11 @@
 
 	code = krb5_parse_name(context, kprinc, &princ);
 	if (code != 0) {
-		krb5_free_context(context);
 		return (PAM_SYSTEM_ERR);
 	}
 
 	if (strlen(password) == 0) {
 		krb5_free_principal(context, princ);
-		krb5_free_context(context);
 		if (debug)
 			__pam_log(LOG_AUTH | LOG_DEBUG,
 			    "PAM-KRB5 (acct): fetch_princ_entry: pwlen=0");
@@ -107,7 +105,6 @@
 			"service name for realm '%s'",
 			admin_realm);
 		krb5_free_principal(context, princ);
-		krb5_free_context(context);
 		return (PAM_SYSTEM_ERR);
 	}
 
@@ -120,7 +117,6 @@
 			    "PAM-KRB5 (acct): fetch_princ_entry: "
 			    "init_with_pw failed: code = %d", code);
 		krb5_free_principal(context, princ);
-		krb5_free_context(context);
 		return ((code == KADM5_BAD_PASSWORD) ?
 			PAM_AUTH_ERR : PAM_SYSTEM_ERR);
 	}
@@ -133,7 +129,6 @@
 			    "princ entry");
 		(void) kadm5_destroy(server_handle);
 		krb5_free_principal(context, princ);
-		krb5_free_context(context);
 		return (PAM_SYSTEM_ERR);
 	}
 
@@ -143,14 +138,12 @@
 	if (code != 0) {
 		(void) kadm5_destroy(server_handle);
 		krb5_free_principal(context, princ);
-		krb5_free_context(context);
 		return ((code == KADM5_UNK_PRINC) ?
 			PAM_USER_UNKNOWN : PAM_SYSTEM_ERR);
 	}
 
 	(void) kadm5_destroy(server_handle);
 	krb5_free_principal(context, princ);
-	krb5_free_context(context);
 
 	return (PAM_SUCCESS);
 }
@@ -193,16 +186,22 @@
 
 	if (!pamh || !user || !password) {
 		err = PAM_SERVICE_ERR;
-		goto out;
+		goto exit;
 	}
 
+	/*
+	 * If we error out from krb5_init_context, then just set error code,
+	 * check to see about debug message and exit out of routine as the
+	 * context could not possibly have been setup.
+	 */
+
 	if (code = krb5_init_context(&kmd->kcontext)) {
 		err = PAM_SYSTEM_ERR;
 		if (debug)
 			__pam_log(LOG_AUTH | LOG_ERR, "PAM-KRB5 (acct): "
 			    "krb5_init_context failed: code=%d",
 			    code);
-		goto out;
+		goto exit;
 	}
 	if (code = krb5_timeofday(kmd->kcontext, &now)) {
 		err = PAM_SYSTEM_ERR;
@@ -274,6 +273,14 @@
 	err = PAM_SUCCESS;
 
 out:
+
+	if (kmd->kcontext) {
+		krb5_free_context(kmd->kcontext);
+		kmd->kcontext = NULL;
+	}
+
+exit:
+
 	if (debug)
 		__pam_log(LOG_AUTH | LOG_DEBUG,
 		    "PAM-KRB5 (acct): exp_warn end: err = %d", err);