[krb5] Pull in a fix for a mem leak from master (RT#7803)
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Dec 18 19:33:57 UTC 2013
commit 460d74d224cd0f889c5c59306ac4b37004945b7f
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Wed Dec 18 14:23:21 2013 -0500
Pull in a fix for a mem leak from master (RT#7803)
- pull in fix from master to avoid a memory leak when a mechanism's
init_sec_context function fails (RT#7803, part of #1043962)
krb5-master-gss_oid_leak.patch | 28 ++++++++++++++++++++++++++++
krb5.spec | 4 ++++
2 files changed, 32 insertions(+), 0 deletions(-)
---
diff --git a/krb5-master-gss_oid_leak.patch b/krb5-master-gss_oid_leak.patch
new file mode 100644
index 0000000..9613823
--- /dev/null
+++ b/krb5-master-gss_oid_leak.patch
@@ -0,0 +1,28 @@
+commit 1cda48a7ed4069cfc052f974ec3d76a9137c8c5a
+Author: Simo Sorce <simo at redhat.com>
+Date: Fri Dec 13 12:00:41 2013 -0500
+
+ Fix memory leak in SPNEGO initiator
+
+ If we eliminate a mechanism from the initiator list because
+ gss_init_sec_context fails, free the memory for that mech OID before
+ removing it from the list.
+
+ [ghudson at mit.edu: clarified commit message]
+
+ ticket: 7803 (new)
+ target_version: 1.12.1
+ tags: pullup
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 818a1b4..06cfab0 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -890,6 +890,7 @@ init_ctx_call_init(OM_uint32 *minor_status,
+ * can do this with recursion. If all mechanisms produce errors, the
+ * caller should get the error from the first mech in the list.
+ */
++ gssalloc_free(sc->mech_set->elements->elements);
+ memmove(sc->mech_set->elements, sc->mech_set->elements + 1,
+ --sc->mech_set->count * sizeof(*sc->mech_set->elements));
+ if (sc->mech_set->count == 0)
diff --git a/krb5.spec b/krb5.spec
index 3182659..2d8e00c 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -92,6 +92,7 @@ Patch129: krb5-1.11-run_user_0.patch
Patch134: krb5-1.11-kpasswdtest.patch
Patch135: krb5-master-no-malloc0.patch
Patch136: krb5-master-ignore-empty-unnecessary-final-token.patch
+Patch137: krb5-master-gss_oid_leak.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -304,6 +305,7 @@ ln -s NOTICE LICENSE
%patch105 -p1 -b .kvno
%patch135 -p1 -b .no-malloc0
%patch136 -p1 -b .ignore-empty-unnecessary-final-token
+%patch137 -p1 -b .gss_oid_leak
# Apply when the hard-wired or configured default location is
# DIR:/run/user/%%{uid}/krb5cc.
@@ -964,6 +966,8 @@ exit 0
#1043962)
- pull in fix from master to ignore an empty token from an acceptor if
we've already finished authenticating (RT#7797, part of #1043962)
+- pull in fix from master to avoid a memory leak when a mechanism's
+ init_sec_context function fails (RT#7803, part of #1043962)
* Wed Dec 11 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.12-1
- update to 1.12 final
More information about the scm-commits
mailing list