On 07/22/2010 02:06 PM, Stephen Gallagher wrote:
> Nack.
>
> sss_krb5_verify_keytab() should not be passed a memctx. No memory created in this function is being passed back to the caller. It would be much better to create a tmp_ctx (at the top-level) for the function and talloc_free() that in the done: label. This will make it easier to detect memory leaks with valgrind, as well.

Fixed

> There is a bug with memory handling of the realm_name variable. If we populate this value with krb5_get_default_realm(), it needs to be freed with krb5_free_string(). Right now we would be attempting to call talloc_free() on it, and that would fail. The safest thing to do would be to pass a temporary string into krb5_get_default_realm() and then talloc_strdup() the returned value into realm_name and immediately krb5_free_string() the temporary variable.
Thanks, fixed too in the patch as well as in the ldap_child itself where we had the same problem (that's patch 0001).
We also discussed getting the default realm with Simo and Sumit on #freeipa, that discussion is now recorded in #570.
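
The ownership pattern requested in the review above, as an added example that is not code from the patch or from SSSD. The `lib_*` and `ctx_*` functions are hypothetical stand-ins for the krb5 library's allocation and for a talloc context, `realm_matches()` is a hypothetical caller, and the realm strings are constructed; live-allocation counters make a mismatched or missing free visible.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for the library allocator (the krb5 side); counts live strings. */
static int lib_live = 0;
static int lib_get_default_realm(char **out) {
    *out = malloc(sizeof "EXAMPLE.COM");
    if (*out == NULL) return -1;
    strcpy(*out, "EXAMPLE.COM");          /* constructed sample realm */
    lib_live++;
    return 0;
}
static void lib_free_string(char *s) { if (s) { free(s); lib_live--; } }

/* Stand-in for a talloc-style context: every chunk is linked to its owner. */
struct chunk { struct chunk *next; char data[]; };
struct ctx { struct chunk *head; };
static int ctx_live = 0;
static char *ctx_strdup(struct ctx *c, const char *s) {
    struct chunk *k = malloc(sizeof *k + strlen(s) + 1);
    if (k == NULL) return NULL;
    strcpy(k->data, s);
    k->next = c->head; c->head = k; ctx_live++;
    return k->data;
}
static void ctx_free(struct ctx *c) {
    while (c->head) { struct chunk *n = c->head->next; free(c->head); c->head = n; ctx_live--; }
}

/* One tmp_ctx per function; the library string is copied, then freed at once. */
int realm_matches(const char *configured, const char *expected, int *matches) {
    struct ctx tmp_ctx = { NULL };
    char *default_realm = NULL;           /* owned by the library allocator */
    const char *realm_name = configured;
    int ret = 0;
    if (realm_name == NULL) {
        if (lib_get_default_realm(&default_realm) != 0) { ret = -1; goto done; }
        realm_name = ctx_strdup(&tmp_ctx, default_realm);
        lib_free_string(default_realm);   /* matching deallocator, immediately */
        if (realm_name == NULL) { ret = -1; goto done; }
    }
    *matches = (strcmp(realm_name, expected) == 0);
done:
    ctx_free(&tmp_ctx);                   /* single cleanup point, nothing handed back */
    return ret;
}

int main(void) { int m = 0; return realm_matches(NULL, "EXAMPLE.COM", &m) == 0 && m == 1 ? 0 : 1; }
```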