authorJakub Hrozek <jhrozek@redhat.com>2014-08-26 14:35:55 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-08-26 16:53:19 +0200
commit0234400240d1dbdc05ed0faccf8330b2c0528d6d (patch)
tree8ff8cb0f582a7cf396cb185ae5e41381a60aadce
parent877a7d4f087bfeca979ce4d861559eeace3a6523 (diff)
LDAP: Use tmp_ctx in ldap_child for temporary data
Using a global memory context for short-lived private data might lead to memory growth. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/providers/ldap/ldap_child.c22
1 files changed, 15 insertions, 7 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 96404c4c8..7d793bbe4 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -184,6 +184,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
int canonicalize = 0;
int kdc_time_offset_usec;
int ret;
+ TALLOC_CTX *tmp_ctx;
krberr = krb5_init_context(&context);
if (krberr) {
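Review bot: `tmp_ctx` is declared without an initializer, while the `done:` label in the last hunk calls `talloc_free(tmp_ctx)` unconditionally. Every `goto done` visible in this diff comes after the `talloc_new()` assignment in the next hunk, so the shown paths look safe. The body of the `krb5_init_context()` failure branch is outside the hunk, though, and any early `goto done` added later would free an indeterminate pointer. Declaring it as `TALLOC_CTX *tmp_ctx = NULL;` keeps the cleanup safe wherever the jump originates, since `talloc_free()` tolerates NULL.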
@@ -192,6 +193,12 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
}
DEBUG(SSSDBG_TRACE_INTERNAL, "Kerberos context initialized\n");
+ tmp_ctx = talloc_new(memctx);
+ if (tmp_ctx == NULL) {
+ krberr = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
+
krberr = set_child_debugging(context);
if (krberr != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set krb5_child debugging\n");
@@ -205,14 +212,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
goto done;
}
- realm_name = talloc_strdup(memctx, default_realm);
+ realm_name = talloc_strdup(tmp_ctx, default_realm);
krb5_free_default_realm(context, default_realm);
if (!realm_name) {
krberr = KRB5KRB_ERR_GENERIC;
goto done;
}
} else {
- realm_name = talloc_strdup(memctx, realm_str);
+ realm_name = talloc_strdup(tmp_ctx, realm_str);
if (!realm_name) {
krberr = KRB5KRB_ERR_GENERIC;
goto done;
@@ -223,10 +230,10 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
if (princ_str) {
if (!strchr(princ_str, '@')) {
- full_princ = talloc_asprintf(memctx, "%s@%s",
+ full_princ = talloc_asprintf(tmp_ctx, "%s@%s",
princ_str, realm_name);
} else {
- full_princ = talloc_strdup(memctx, princ_str);
+ full_princ = talloc_strdup(tmp_ctx, princ_str);
}
} else {
char hostname[HOST_NAME_MAX + 1];
@@ -240,7 +247,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
- ret = select_principal_from_keytab(memctx, hostname, realm_name,
+ ret = select_principal_from_keytab(tmp_ctx, hostname, realm_name,
keytab_name, &full_princ, NULL, NULL);
if (ret) {
krberr = KRB5_KT_IOERR;
@@ -283,7 +290,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
goto done;
}
- ccname = talloc_asprintf(memctx, "FILE:%s/ccache_%s", DB_PATH, realm_name);
+ ccname = talloc_asprintf(tmp_ctx, "FILE:%s/ccache_%s", DB_PATH, realm_name);
if (!ccname) {
krberr = KRB5KRB_ERR_GENERIC;
goto done;
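Review bot: `realm_name` is interpolated into the credential-cache path `FILE:%s/ccache_%s` with no check visible here that it is a single path component. It is copied from either the library's default realm or the caller-supplied `realm_str` (earlier hunk), and this diff does not show whether that value is validated before it reaches this function. If it is not, rejecting a realm that contains a path separator before the `talloc_asprintf()` call would keep the ccache file confined to `DB_PATH`, for example `if (strchr(realm_name, '/') != NULL) { krberr = KRB5KRB_ERR_GENERIC; goto done; }`. The function body continues outside this hunk.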
@@ -362,10 +369,11 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
#endif
krberr = 0;
- *ccname_out = ccname;
+ *ccname_out = talloc_steal(memctx, ccname);
*expire_time_out = my_creds.times.endtime - kdc_time_offset;
done:
+ talloc_free(tmp_ctx);
if (krberr != 0) KRB5_SYSLOG(krberr);
if (keytab) krb5_kt_close(context, keytab);
if (context) krb5_free_context(context);
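Review bot: The ownership contract this hunk introduces is not documented. On success `ccname` is reparented to `memctx` and returned through `ccname_out`, while every other allocation is released with `tmp_ctx` at `done:`. A one-line comment above the `talloc_steal()` call would make that explicit, such as `/* hand the ccache name to the caller; all other temporaries are freed with tmp_ctx */`. The function's header comment, which is outside the hunk, could also state that `*ccname_out` and `*expire_time_out` are assigned only on the success path shown here, so callers must not read them when a non-zero code is returned.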