authorNalin Dahyabhai <nalin@redhat.com>2013-02-28 15:57:44 -0500
committerNalin Dahyabhai <nalin@redhat.com>2013-02-28 16:37:33 -0500
commit6fdbb463fca04e2299ac716b0520b483016634a4 (patch)
treefdd526003345f33d03f6ddcecf8ff81296cd5ec5
parentabff2e511790f9cb11e99688b40457a7dc680c84 (diff)
fix a memory leak when obtaining creds via keytabskrb5-1.11.1-3.fc19
- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)
-rw-r--r--krb5-lookup_etypes-leak.patch42
-rw-r--r--krb5.spec7
2 files changed, 48 insertions, 1 deletions
diff --git a/krb5-lookup_etypes-leak.patch b/krb5-lookup_etypes-leak.patch
new file mode 100644
index 0000000..9c7e082
--- /dev/null
+++ b/krb5-lookup_etypes-leak.patch
@@ -0,0 +1,42 @@
+Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
+we don't free entries when we're finished examining them. Ensure that when
+krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
+exit the current loop iteration. (RT#7586)
+
+--- a/src/lib/krb5/krb/gic_keytab.c
++++ b/src/lib/krb5/krb/gic_keytab.c
+@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+ goto cleanup;
+
+ if (!krb5_c_valid_enctype(entry.key.enctype))
+- continue;
++ goto next_entry;
+ if (!krb5_principal_compare(context, entry.principal, client))
+- continue;
++ goto next_entry;
+ /* Make sure our list is for the highest kvno found for client. */
+ if (entry.vno > max_kvno) {
+ free(etypes);
+@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+ count = 0;
+ max_kvno = entry.vno;
+ } else if (entry.vno != max_kvno)
+- continue;
++ goto next_entry;
+
+ /* Leave room for the terminator and possibly a second entry. */
+ p = realloc(etypes, (count + 3) * sizeof(*etypes));
+ if (p == NULL) {
++ krb5_free_keytab_entry_contents(context, &entry);
+ ret = ENOMEM;
+ goto cleanup;
+ }
+@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+ entry.key.enctype == ENCTYPE_DES_CBC_MD4)
+ etypes[count++] = ENCTYPE_DES_CBC_CRC;
+ etypes[count] = 0;
++next_entry:
++ krb5_free_keytab_entry_contents(context, &entry);
+ }
+
+ ret = 0;
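Review bot: The realloc-failure branch in the embedded patch frees `entry` by hand, while every other exit from the iteration goes through the new `next_entry:` label, so the rule that a successful krb5_kt_next_entry() must be paired with krb5_free_keytab_entry_contents() now lives in two places and is written down in neither. A comment above the label would stop a later early exit from reintroducing the leak: `/* Every path taken after krb5_kt_next_entry() succeeds must release entry, either here or before jumping to cleanup. */`. The entry carries `entry.key`, so what leaked was presumably keytab key material as well as memory, and the patch description could say so. lookup_etypes_for_keytab() starts and ends outside these hunks, so whether the `cleanup:` path could take over the free cannot be judged from here.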
diff --git a/krb5.spec b/krb5.spec
index aecceff..5e9010e 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -30,7 +30,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.1
-Release: 2%{?dist}
+Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -73,6 +73,7 @@ Patch75: krb5-pkinit-debug.patch
Patch86: krb5-1.9-debuginfo.patch
Patch105: krb5-kvno-230379.patch
Patch113: krb5-1.11-alpha1-init.patch
+Patch114: krb5-lookup_etypes-leak.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -282,6 +283,7 @@ ln -s NOTICE LICENSE
%patch86 -p0 -b .debuginfo
%patch105 -p1 -b .kvno
%patch113 -p1 -b .init
+%patch114 -p1 -b .lookup_etypes-leak
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt
@@ -793,6 +795,9 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Thu Feb 28 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.1-3
+- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)
+
* Wed Feb 27 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.1-2
- prebuild PDF docs to reduce multilib differences (internal tooling, #884065)
- drop the kerberos-iv portreserve file, and drop the rest on systemd systems