This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to branch master in repository gssproxy.
from 28588d3 Conditionally reload kernel interface on SIGHUP new eae0011 Fix most memory leaks
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: proxy/src/gp_config.c | 2 ++ proxy/src/gp_creds.c | 2 ++ proxy/src/gp_export.c | 3 ++- proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++++------ proxy/src/gssproxy.c | 42 ++++++++++++++++++++++++++++------------ proxy/src/mechglue/gpp_context.c | 2 ++ proxy/tests/t_acquire.c | 3 +++ 7 files changed, 52 insertions(+), 19 deletions(-)
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master in repository gssproxy.
commit eae0011349c7a0a53953c867cf318a0ee0de7320 Author: Alexander Scheel ascheel@redhat.com Date: Thu Jun 29 10:59:46 2017 -0400
Fix most memory leaks
Signed-off-by: Alexander Scheel ascheel@redhat.com [rharwood@redhat.com: commit message, whitespace] Reviewed-by: Robbie Harwood rharwood@redhat.com Merges: #203 Related: #176 --- proxy/src/gp_config.c | 2 ++ proxy/src/gp_creds.c | 2 ++ proxy/src/gp_export.c | 3 ++- proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++++------ proxy/src/gssproxy.c | 42 ++++++++++++++++++++++++++++------------ proxy/src/mechglue/gpp_context.c | 2 ++ proxy/tests/t_acquire.c | 3 +++ 7 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c index 21bf80e..8ea49d2 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c @@ -75,6 +75,8 @@ static void gp_service_free(struct gp_service *svc) free_cred_store_elements(&svc->krb5.store); gp_free_creds_handle(&svc->krb5.creds_handle); } + free(svc->socket); + free(svc->program); SELINUX_context_free(svc->selinux_ctx); memset(svc, 0, sizeof(struct gp_service)); } diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index 8d2e449..04c84f3 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -1046,6 +1046,8 @@ uint32_t gp_count_tickets(uint32_t *min, gss_cred_id_t cred, uint32_t *ccsum) goto done; }
+ krb5_free_cred_contents(context, &creds); + /* TODO: Should we do a real checksum over all creds->ticket data and * flags in future ? */ (*ccsum)++; diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c index 4e081df..ab08bb7 100644 --- a/proxy/src/gp_export.c +++ b/proxy/src/gp_export.c @@ -47,7 +47,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, krb5_keytab ktid = NULL; krb5_kt_cursor cursor; krb5_keytab_entry entry; - krb5_enctype *permitted; + krb5_enctype *permitted = NULL; uint32_t ret_maj = 0; uint32_t ret_min = 0; int ret; @@ -127,6 +127,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, ret_maj = GSS_S_COMPLETE;
done: + krb5_free_enctypes(handle->context, permitted); if (ktid) { (void)krb5_kt_close(handle->context, ktid); } diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c index fcb4fbe..7ddb427 100644 --- a/proxy/src/gp_rpc_acquire_cred.c +++ b/proxy/src/gp_rpc_acquire_cred.c @@ -130,17 +130,18 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, } }
- acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); - if (!acr->output_cred_handle) { - ret_maj = GSS_S_FAILURE; - ret_min = ENOMEM; - goto done; - }
if (out_cred == in_cred) { acr->output_cred_handle = aca->input_cred_handle; aca->input_cred_handle = NULL; } else { + acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); + if (!acr->output_cred_handle) { + ret_maj = GSS_S_FAILURE; + ret_min = ENOMEM; + goto done; + } + ret_maj = gp_export_gssx_cred(&ret_min, gpcall, &out_cred, acr->output_cred_handle); if (ret_maj) { @@ -154,6 +155,10 @@ done:
GPRPCDEBUG(gssx_res_acquire_cred, acr);
+ if (add_out_cred != &in_cred && add_out_cred != &out_cred) + gss_release_cred(&ret_min, add_out_cred); + if (in_cred != out_cred) + gss_release_cred(&ret_min, &in_cred); gss_release_cred(&ret_min, &out_cred); gss_release_oid_set(&ret_min, &use_mechs); gss_release_oid_set(&ret_min, &desired_mechs); diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c index 3cdc220..5fc4f8d 100644 --- a/proxy/src/gssproxy.c +++ b/proxy/src/gssproxy.c @@ -160,7 +160,7 @@ int main(int argc, const char *argv[]) verto_ctx *vctx; verto_ev *ev; int wait_fd; - int ret; + int ret = -1;
/* initialize debug client id to 0 in the main thread */ /* we do this early, before any code starts using debug statements */ @@ -194,13 +194,17 @@ int main(int argc, const char *argv[]) fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); - return 1; + + ret = 1; + goto cleanup; } }
if (opt_version) { puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION); - return 0; + poptFreeContext(pc); + ret = 0; + goto cleanup; }
if (opt_debug || opt_debug_level > 0) { @@ -211,7 +215,8 @@ int main(int argc, const char *argv[]) if (opt_daemon && opt_interactive) { fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n"); poptPrintUsage(pc, stderr, 0); - return 1; + ret = 0; + goto cleanup; }
if (opt_interactive) { @@ -225,7 +230,8 @@ int main(int argc, const char *argv[]) opt_config_socket, opt_daemon); if (!gpctx->config) { - exit(EXIT_FAILURE); + ret = EXIT_FAILURE; + goto cleanup; }
init_server(gpctx->config->daemonize, &wait_fd); @@ -236,7 +242,8 @@ int main(int argc, const char *argv[]) if (!vctx) { fprintf(stderr, "Failed to initialize event loop. " "Is there at least one libverto backend installed?\n"); - return 1; + ret = 1; + goto cleanup; } gpctx->vctx = vctx;
@@ -244,12 +251,13 @@ int main(int argc, const char *argv[]) ev = verto_add_signal(vctx, VERTO_EV_FLAG_PERSIST, hup_handler, SIGHUP); if (!ev) { fprintf(stderr, "Failed to register SIGHUP handler with verto!\n"); - return 1; + ret = 1; + goto cleanup; }
ret = init_sockets(vctx, NULL); if (ret != 0) { - return ret; + goto cleanup; }
/* We need to tell nfsd that GSS-Proxy is available before it starts, @@ -263,12 +271,14 @@ int main(int argc, const char *argv[])
ret = drop_privs(gpctx->config); if (ret) { - exit(EXIT_FAILURE); + ret = EXIT_FAILURE; + goto cleanup; }
ret = gp_workers_init(gpctx); if (ret) { - exit(EXIT_FAILURE); + ret = EXIT_FAILURE; + goto cleanup; }
verto_run(vctx); @@ -278,9 +288,17 @@ int main(int argc, const char *argv[])
fini_server();
- poptFreeContext(pc);
free_config(&gpctx->config); + free(gpctx);
- return 0; + ret = 0; + +cleanup: + poptFreeContext(pc); + free(opt_config_file); + free(opt_config_dir); + free(opt_config_socket); + + return ret; } diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c index 2f41e4f..69e69e0 100644 --- a/proxy/src/mechglue/gpp_context.c +++ b/proxy/src/mechglue/gpp_context.c @@ -362,6 +362,8 @@ OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status, } }
+ free(ctx); + return rmaj; }
diff --git a/proxy/tests/t_acquire.c b/proxy/tests/t_acquire.c index 2bb7706..5334565 100644 --- a/proxy/tests/t_acquire.c +++ b/proxy/tests/t_acquire.c @@ -132,5 +132,8 @@ done: gss_release_buffer(&ret_min, &in_token); gss_release_buffer(&ret_min, &out_token); gss_release_cred(&ret_min, &cred_handle); + gss_release_name(&ret_min, &target_name); + gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER); + gss_delete_sec_context(&ret_min, &accept_ctx, GSS_C_NO_BUFFER); return ret; }
gss-proxy@lists.fedorahosted.org