Commit 2347c721 authored by Mark Andrews's avatar Mark Andrews
Browse files

3583. [bug] Address memory leak in GSS-API processing [RT #33574]

parent 1e34fe90
3583. [bug] Address memory leak in GSS-API processing [RT #33574]
3582. [bug] Silence false positive warning regarding missing file
directive for inline slave zones. [RT #33662]
......
......@@ -252,12 +252,12 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
gss_cred_id_t *cred)
{
#ifdef GSSAPI
isc_result_t result;
isc_buffer_t namebuf;
gss_name_t gname;
gss_buffer_desc gnamebuf;
unsigned char array[DNS_NAME_MAXTEXT + 1];
OM_uint32 gret, minor;
gss_OID_set mechs;
OM_uint32 lifetime;
gss_cred_usage_t usage;
char buf[1024];
......@@ -304,16 +304,17 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
usage = GSS_C_ACCEPT;
gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE,
&mech_oid_set,
usage, cred, &mechs, &lifetime);
&mech_oid_set, usage, cred, NULL, &lifetime);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed to acquire %s credentials for %s: %s",
initiate ? "initiate" : "accept",
(gname != NULL) ? (char *)gnamebuf.value : "?",
gss_error_tostring(gret, minor, buf, sizeof(buf)));
if (gname != NULL)
check_config((char *)array);
return (ISC_R_FAILURE);
result = ISC_R_FAILURE;
goto cleanup;
}
gss_log(4, "acquired %s credentials for %s",
......@@ -321,8 +322,18 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
(gname != NULL) ? (char *)gnamebuf.value : "?");
log_cred(*cred);
result = ISC_R_SUCCESS;
cleanup:
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE)
gss_log(3, "failed gss_release_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
}
return (ISC_R_SUCCESS);
return (result);
#else
REQUIRE(cred != NULL && *cred == NULL);
......@@ -620,7 +631,6 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
RETERR(isc_buffer_copyregion(outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
(void)gss_release_name(&minor, &gname);
if (gret == GSS_S_COMPLETE)
result = ISC_R_SUCCESS;
......@@ -628,6 +638,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
result = DNS_R_CONTINUE;
out:
(void)gss_release_name(&minor, &gname);
return (result);
#else
UNUSED(name);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment