misc memory leaks

Fix various memory leaks that show up mostly in error cases (e.g.,
failure to allocate one small object, and then we forget to free
another one).

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970

10 files changed, 39 insertions, 16 deletions

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 0b263d0dc..ae25eb41c 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -57,7 +57,7 @@ krb5_error_code
 process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
 		krb5_data **response)
 {
-    krb5_keyblock * subkey;
+    krb5_keyblock * subkey = 0;
     krb5_kdc_req *request = 0;
     krb5_db_entry server;
     krb5_kdc_rep reply;
@@ -99,8 +99,10 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
     /*
      * setup_server_realm() sets up the global realm-specific data pointer.
      */
-    if ((retval = setup_server_realm(request->server)))
+    if ((retval = setup_server_realm(request->server))) {
+	krb5_free_kdc_req(kdc_context, request);
 	return retval;
+    }
 
     fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
 			   from->address->contents,
@@ -711,7 +713,9 @@ cleanup:
     if (session_key.contents)
 	krb5_free_keyblock_contents(kdc_context, &session_key);
     if (newtransited)
-	free(enc_tkt_reply.transited.tr_contents.data); 
+	free(enc_tkt_reply.transited.tr_contents.data);
+    if (subkey)
+	krb5_free_keyblock(kdc_context, subkey);
 
     return retval;
 }
@@ -833,6 +837,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
 		       "TGS_REQ: issuing TGT %s", sname);
 		free(sname);
 	    }
+	    krb5_free_realm_tree(kdc_context, plist);
 	    return;
 	}
 	krb5_db_free_principal(kdc_context, server, *nprincs);
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 869eb1896..4b2ce474e 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1,7 +1,7 @@
 /*
  * kdc/kdc_util.c
  *
- * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -418,6 +418,10 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno)
 	retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_keyblock,
 					     server_key,
 					     *key, NULL);
+	if (retval) {
+	    free(*key);
+	    *key = NULL;
+	}
     } else
 	retval = ENOMEM;
 errout:
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index 4557194fa..edd3319e8 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -159,8 +159,10 @@ make_seal_token_v1 (krb5_context context,
     }
 
     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
-    if (code)
+    if (code) {
+      xfree(t);
       return(code);
+    }
     md5cksum.length = sumlen;
 
 
diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c
index c1af72616..c7236b7b5 100644
--- a/src/lib/krb5/krb/bld_pr_ext.c
+++ b/src/lib/krb5/krb/bld_pr_ext.c
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/bld_pr_ext.c
  *
- * Copyright 1991 by the Massachusetts Institute of Technology.
+ * Copyright 1991, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -39,7 +39,7 @@ krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
     register int i, count = 0;
     register unsigned int size;
     register char *next;
-    char *tmpdata;
+    char *tmpdata = 0;
     krb5_data *princ_data;
     krb5_principal princ_ret;
 
@@ -97,6 +97,7 @@ free_out:
 	krb5_xfree(princ_data[i].data);
     krb5_xfree(princ_data);
     krb5_xfree(princ_ret);
+    krb5_xfree(tmpdata);
     va_end(ap);
     return ENOMEM;
 }
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index b3e94f4c6..38c338317 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/krb/get_creds.c
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -207,8 +207,12 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
 	    retval = 255;
 	    break;
     }
-    if (retval) return retval;
+    /*
+     * Callers to krb5_get_cred_blah... must free up tgts even in
+     * error cases.
+     */
     if (tgts) krb5_free_tgt_creds(context, tgts);
+    if (retval) return retval;
 
     retval = krb5_cc_get_principal(context, ccache, &tmp);
     if (retval) return retval;
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 8f4f57a13..a993870ce 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1059,13 +1059,15 @@ krb5_get_init_creds(krb5_context context,
 
 	/* stuff the client realm into the server principal.
 	   realloc if necessary */
-	if (request.server->realm.length < request.client->realm.length)
-	    if ((request.server->realm.data =
-		 (char *) realloc(request.server->realm.data,
-				  request.client->realm.length)) == NULL) {
+	if (request.server->realm.length < request.client->realm.length) {
+	    char *p = realloc(request.server->realm.data,
+			      request.client->realm.length);
+	    if (p == NULL) {
 		ret = ENOMEM;
 		goto cleanup;
 	    }
+	    request.server->realm.data = p;
+	}
 
 	request.server->realm.length = request.client->realm.length;
 	memcpy(request.server->realm.data, request.client->realm.data,
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index e29557066..3ebbb908d 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -359,8 +359,10 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst
 	
 	if ((old_ktypes =
 	     (krb5_enctype *)malloc(sizeof(krb5_enctype) * (count + 1))) ==
-	    (krb5_enctype *) NULL)
+	    (krb5_enctype *) NULL) {
+	    profile_release_string(retval);
 	    return ENOMEM;
+	}
 	
 	sp = retval;
 	j = 0;
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index d04b85cdb..6e6dadc57 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -1,7 +1,7 @@
 /*
  * lib/krb5/os/an_to_ln.c
  *
- * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -438,7 +438,7 @@ aname_replacer(char *string, char **contextp, char **result)
 		    memset(out, '\0', MAX_FORMAT_BUFFER);
 		    if (!do_replacement(rule, repl, doglobal, in, out)) {
 			free(rule);
-		    free(repl);
+			free(repl);
 			kret = KRB5_LNAME_NOTRANS;
 			break;
 		    }
@@ -453,6 +453,7 @@ aname_replacer(char *string, char **contextp, char **result)
 		}
 		else {
 		    /* No memory for copies */
+		    free(rule);
 		    kret = ENOMEM;
 		    break;
 		}
diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c
index d11c5e267..1debd4d69 100644
--- a/src/lib/rpc/auth_gss.c
+++ b/src/lib/rpc/auth_gss.c
@@ -186,6 +186,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
 			rpc_createerr.cf_error.re_errno = ENOMEM;
 			free(auth);
+			free(gd);
 			return (NULL);
 		}
 	}
diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
index e338cbbd0..04cc48970 100644
--- a/src/plugins/kdb/db2/adb_policy.c
+++ b/src/plugins/kdb/db2/adb_policy.c
@@ -358,6 +358,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
 	if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
 	    xdr_destroy(&xdrs);
 	    free(aligned_data);
+	    osa_free_policy_ent(entry);
 	    ret = OSA_ADB_FAILURE;
 	    goto error;
 	}