[PATCH 3/4 v2] nfs-utils: Fix mem leaks in krb5_util

From: Alice Mitchell <hidden>
Date: 2021-08-12 18:13:32
Subsystem: the rest · Maintainer: Linus Torvalds

query_krb5_ccache: if the ret_realm strdup fails then ret_princname leaks

gssd_get_krb5_machine_cred_list: l was being leaked if the realloc failed
it was also leaked if the strdup of ccname failed

Signed-off-by: Alice Mitchell <redacted>
---
 utils/gssd/krb5_util.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index c5f1152..6d059f3 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c

@@ -1129,6 +1129,12 @@ query_krb5_ccache(const char* cred_cache, char **ret_princname,
 			    *str = '\0';
 			    *ret_princname = strdup(princstring);
 			    *ret_realm = strdup(str+1);
+			    if (!*ret_princname || !*ret_realm) {
+				    free(*ret_princname);
+				    free(*ret_realm);
+				    *ret_princname = NULL;
+				    *ret_realm = NULL;
+			    }
 		    }
 		    k5_free_unparsed_name(context, princstring);
 		}

@@ -1350,15 +1356,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
 		if (retval)
 			continue;
 		if (i + 1 > listsize) {
+			char **tmplist;
 			listsize += listinc;
-			l = (char **)
+			tmplist = (char **)
 				realloc(l, listsize * sizeof(char *));
-			if (l == NULL) {
+			if (tmplist == NULL) {
+				gssd_free_krb5_machine_cred_list(l);
 				retval = ENOMEM;
 				goto out_lock;
 			}
+			l = tmplist;
 		}
 		if ((l[i++] = strdup(ple->ccname)) == NULL) {
+			gssd_free_krb5_machine_cred_list(l);
 			retval = ENOMEM;
 			goto out_lock;
 		}

-- 
2.27.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help