Fix memleaks.

Currently I'm compiling against MIT Kerberos 1.2.8.

Anthony, you said you have a heimdal installation available. Could you
please compile this stuff with krb and check it with valgrind?

Thanks,

Volker
(This used to be commit d8ab44685994b302bb46eed9001c72c194d13dc8)

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 50a9ef271893efdc7f6f50cd949e3c32801a610b..f78a4ad707c1555068eec89e82b417dc842626e5 100644 (file)
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -39,6 +39,7 @@ static DATA_BLOB unwrap_pac(DATA_BLOB *auth_data)
        asn1_end_tag(&data);
        asn1_end_tag(&data);
        asn1_end_tag(&data);
+       asn1_free(&data);
        return pac_contents;
 }
 
@@ -603,6 +604,8 @@ PAC_DATA *decode_pac_data(DATA_BLOB *auth_data, TALLOC_CTX *ctx)
        prs_copy_data_in(&ps, pac_data_blob.data, pac_data_blob.length);
        prs_set_offset(&ps, 0);
 
+       data_blob_free(&pac_data_blob);
+
        pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA));
        pac_io_pac_data("pac data", pac_data, &ps, 0);
 

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index b82e13b05bcd72f38b1064b18285a2450c5c3535..3343194203fd95179ce6a128d3b87c7018725341 100644 (file)
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -128,11 +128,6 @@ NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket,
 
        /* CIFS doesn't use addresses in tickets. This would breat NAT. JRA */
 
-       if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
-               sret = NT_STATUS_NO_MEMORY;
-               goto out;
-       }
-       
        if ((ret = get_kerberos_allowed_etypes(context, &enctypes))) {
                DEBUG(1,("ads_verify_ticket: krb5_get_permitted_enctypes failed (%s)\n", 
                         error_message(ret)));
@@ -151,12 +146,19 @@ NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket,
 
        /* We need to setup a auth context with each possible encoding type in turn. */
        for (i=0;enctypes[i];i++) {
+               if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
+                       sret = NT_STATUS_NO_MEMORY;
+                       goto out;
+               }
+       
                if (create_kerberos_key_from_string(context, host_princ, &password, key, enctypes[i])) {
                        continue;
                }
 
                krb5_auth_con_setuseruserkey(context, auth_context, key);
 
+               krb5_free_keyblock(context, key);
+
                packet.length = ticket->length;
                packet.data = (krb5_pointer)ticket->data;
 
@@ -164,7 +166,6 @@ NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket,
                                       NULL, keytab, NULL, &tkt))) {
                        DEBUG(10,("ads_verify_ticket: enc type [%u] decrypted message !\n",
                                (unsigned int)enctypes[i] ));
-                       free_kerberos_etypes(context, enctypes);
                        auth_ok = True;
                        break;
                }
@@ -237,8 +238,11 @@ NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket,
        if (!NT_STATUS_IS_OK(sret))
                data_blob_free(ap_rep);
 
-       SAFE_FREE(host_princ_s);
+       krb5_free_principal(context, host_princ);
+       krb5_free_ticket(context, tkt);
+       free_kerberos_etypes(context, enctypes);
        SAFE_FREE(password_s);
+       SAFE_FREE(host_princ_s);
 
        if (auth_context)
                krb5_auth_con_free(context, auth_context);

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 7e1801f5551304c4a9c9811984adfa25bab0566e..1fccc04a013b34107af999280bd0d6536a574afe 100644 (file)
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -97,7 +97,9 @@
                return ret;
        }
        krb5_use_enctype(context, &eblock, enctype);
-       return krb5_string_to_key(context, &eblock, key, password, &salt);
+       ret = krb5_string_to_key(context, &eblock, key, password, &salt);
+       SAFE_FREE(salt.data);
+       return ret;
 }
 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
  int create_kerberos_key_from_string(krb5_context context,

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 0b3d42302aa20cadd64370aa89811f4a6ab66577..1435c38c99d2e1bfc3c9a2f998577fbafd94e558 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -171,6 +171,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
        }
 
        data_blob_free(&auth_data);
+       data_blob_free(&ticket);
 
        DEBUG(3,("Ticket name is [%s]\n", client));
 
@@ -178,6 +179,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
        if (!p) {
                DEBUG(3,("Doesn't look like a valid principal\n"));
                data_blob_free(&ap_rep);
+               SAFE_FREE(client);
                return ERROR_NT(NT_STATUS_LOGON_FAILURE);
        }
 
@@ -186,6 +188,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
                DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
                if (!lp_allow_trusted_domains()) {
                        data_blob_free(&ap_rep);
+                       SAFE_FREE(client);
                        return ERROR_NT(NT_STATUS_LOGON_FAILURE);
                }
                foreign = True;
@@ -202,6 +205,8 @@ static int reply_spnego_kerberos(connection_struct *conn,
                user = smb_xstrdup(client);
        }
 
+       SAFE_FREE(client);
+
        /* setup the string used by %U */
        sub_set_smb_name(user);