[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: possible mem leak in gss_release_cred()?
"Zi-Bin Yang" <zbyang@decru.com> writes:
> In gss_release_cred(), krb5_cc_close() is called, but I think that might
> be a source of memory leak.
I think you are correct.
> So why is krb5_cc_close() called, not krb5_cc_destroy()? Is it correct
> to use krb5_cc_destroy() instead? Thanks!
Because its only a MCC when the the cc is created from a keytay.
When a user already have a cred cache (is a ticket file) you don't want to
destroy it for them.
I think the patch below is what you want (untested)
Love
--- lib/gssapi/release_cred.c
+++ lib/gssapi/release_cred.c
@@ -52,8 +52,14 @@
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
if ((*cred_handle)->keytab != NULL)
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
- if ((*cred_handle)->ccache != NULL)
- krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
+ if ((*cred_handle)->ccache != NULL) {
+ const krb5_cc_ops *ops;
+ ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
+ if (ops == &krb5_mcc_ops)
+ krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
+ else
+ krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
+ }
gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
free(*cred_handle);
*cred_handle = GSS_C_NO_CREDENTIAL;
PGP signature