[krb5/f17] fix a memory leak when obtaining creds via keytabs

Nalin Dahyabhai nalin at fedoraproject.org
Fri Mar 1 16:28:13 UTC 2013


commit 7a5767895baad9e875781ddd02992ab623f32c80
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Fri Mar 1 11:28:02 2013 -0500

    fix a memory leak when obtaining creds via keytabs
    
    fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)

 krb5-lookup_etypes-leak.patch |   42 +++++++++++++++++++++++++++++++++++++++++
 krb5.spec                     |    7 +++++-
 2 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/krb5-lookup_etypes-leak.patch b/krb5-lookup_etypes-leak.patch
new file mode 100644
index 0000000..9c7e082
--- /dev/null
+++ b/krb5-lookup_etypes-leak.patch
@@ -0,0 +1,42 @@
+Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
+we don't free entries when we're finished examining them.  Ensure that when
+krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
+exit the current loop iteration.  (RT#7586)
+
+--- a/src/lib/krb5/krb/gic_keytab.c
++++ b/src/lib/krb5/krb/gic_keytab.c
+@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+             goto cleanup;
+ 
+         if (!krb5_c_valid_enctype(entry.key.enctype))
+-            continue;
++            goto next_entry;
+         if (!krb5_principal_compare(context, entry.principal, client))
+-            continue;
++            goto next_entry;
+         /* Make sure our list is for the highest kvno found for client. */
+         if (entry.vno > max_kvno) {
+             free(etypes);
+@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+             count = 0;
+             max_kvno = entry.vno;
+         } else if (entry.vno != max_kvno)
+-            continue;
++            goto next_entry;
+ 
+         /* Leave room for the terminator and possibly a second entry. */
+         p = realloc(etypes, (count + 3) * sizeof(*etypes));
+         if (p == NULL) {
++            krb5_free_keytab_entry_contents(context, &entry);
+             ret = ENOMEM;
+             goto cleanup;
+         }
+@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+             entry.key.enctype == ENCTYPE_DES_CBC_MD4)
+             etypes[count++] = ENCTYPE_DES_CBC_CRC;
+         etypes[count] = 0;
++next_entry:
++        krb5_free_keytab_entry_contents(context, &entry);
+     }
+ 
+     ret = 0;
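Review bot: The realloc-failure branch releases `entry` by hand before `goto cleanup`, while every other exit from the iteration now funnels through `next_entry:`, so the patch leaves two release sites that must stay in sync, and a future `continue` added between the read and the label would silently reintroduce the leak. A comment at the label would pin the invariant, e.g. `/* Every path that is done with entry must pass through here; it holds a copy of the keytab key. */`. Because each leaked entry carried a copy of a long-term key, the defect was more than unbounded memory growth in long-running callers: the key bytes presumably stayed in the heap unzeroed until process exit, which is worth stating in the patch header alongside the RT reference. The enclosing loop header and its `cleanup:` label lie outside this hunk.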
diff --git a/krb5.spec b/krb5.spec
index 3fdaa22..40864b3 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -20,7 +20,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.10.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -71,6 +71,7 @@ Patch106: krb5-1.10.2-keytab-etype.patch
 Patch107: krb5-trunk-pkinit-anchorsign.patch
 Patch108: http://web.mit.edu/kerberos/advisories/2012-001-patch.txt
 Patch109: krb5-1.10-pkinit-null.patch
+Patch110: krb5-lookup_etypes-leak.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -251,6 +252,7 @@ ln -s NOTICE LICENSE
 %patch107 -p1 -b .pkinit-anchorsign
 %patch108 -p1 -b .2012-001
 %patch109 -p1 -b .pkinit-null
+%patch110 -p1 -b .lookup_etypes-leak
 rm src/lib/krb5/krb/deltat.c
 
 gzip doc/*.ps
@@ -770,6 +772,9 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Thu Feb 28 2013 Nalin Dahyabhai <nalin at redhat.com> 1.10.2-8
+- fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110)
+
 * Mon Feb 25 2013 Nalin Dahyabhai <nalin at redhat.com> 1.10.2-7
 - incorporate upstream patch to fix a NULL pointer dereference when the client
   supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #914756)

