>>>>> "schommer" == Derrick Schommer <[EMAIL PROTECTED]> writes:
schommer> It's only 28 blocks, but if I repeat the authentication over
schommer> and over it grows quickly. It seems that when I get a
schommer> forwarded tgt (krb5_fwd_tgt()) and call krb5_rd_cred() it
schommer> allocates some memory in the asn.1 decoder and I'm not sure
schommer> why it's not cleaned up (or where it should be cleaned up).

Thanks for noticing this. By my examination of the code, it appears
that you are correct. Ironically, this leak was introduced as part of
a patch to correct a double-free vulnerability.

decrypt_credencdata() calls decode_krb5_enc_cred_part(), which
allocates a krb5_cred_enc_part. The contents of this
krb5_cred_enc_part are copied into a krb5_cred_enc_part passed from
krb5_rd_cred_basic(). krb5_rd_cred_basic() does free the contents of
its own krb5_cred_enc_part, but the one allocated by
decrypt_credencdata() is never freed.

Further confusing matters, it appears that krb5_free_cred_enc_part()
is misnamed and only frees the contents, not the pointer.

---Tom
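The ownership pattern described in the reply above, as an added stand-alone C model that is not part of the original message and is not MIT krb5 source. Every name in it (`enc_part`, `decode_enc_part`, `decrypt_into`, `leaked_after`, the allocation counter) is hypothetical and only mirrors the roles of the functions named in the thread; the input string is constructed.

```c
/* Model only: hypothetical names, not the krb5 library's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_blocks;                      /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }

struct enc_part { char *ticket_info; };      /* stands in for krb5_cred_enc_part */

/* Role of the ASN.1 decoder: allocates the container AND its contents. */
static struct enc_part *decode_enc_part(const char *wire) {
    struct enc_part *p = xalloc(sizeof *p);
    if (!p) return NULL;
    p->ticket_info = xalloc(strlen(wire) + 1);
    if (!p->ticket_info) { xfree(p); return NULL; }
    strcpy(p->ticket_info, wire);
    return p;
}

/* Role of the "misnamed" free: releases the contents, not the pointer. */
static void free_enc_part_contents(struct enc_part *p) {
    xfree(p->ticket_info);
    p->ticket_info = NULL;
}

/* Role of the decrypt step: contents are handed to the caller's struct.
 * With free_container == 0 the decoder's container is never released. */
static int decrypt_into(const char *wire, struct enc_part *out, int free_container) {
    struct enc_part *tmp = decode_enc_part(wire);
    if (!tmp) return -1;
    *out = *tmp;          /* shallow copy: *out now owns ticket_info */
    if (free_container)
        xfree(tmp);       /* container only; freeing contents here too would
                             double-free once the caller cleans up *out */
    return 0;
}

/* Role of the caller: frees the contents of its own struct each round.
 * Returns how many blocks are still allocated after `rounds` calls. */
int leaked_after(int rounds, int free_container) {
    int start = live_blocks;
    for (int i = 0; i < rounds; i++) {
        struct enc_part mine = {0};
        if (decrypt_into("constructed-sample", &mine, free_container) == 0)
            free_enc_part_contents(&mine);
    }
    return live_blocks - start;
}
int main(void) { printf("%d %d\n", leaked_after(100, 0), leaked_after(100, 1)); return 0; }
```

In the model, one container block is lost per call unless the temporary pointer itself is released after the copy, which is why repeated authentication makes the total grow.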
