File 0001-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch of Package cifs-utils.41102
From dc013738ec1f2e67598b264fe2eabf94c5a34570 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Tue, 15 Apr 2025 13:20:52 -0300
Subject: [PATCH] cifs.upcall: fix memory leaks in check_service_ticket_exits()
The error message returned by krb5_get_error_message() must be freed
using krb5_free_error_message().
Fixes: af76bf2a11a0 ("cifs-utils: Skip TGT check if valid service ticket is already available")
Acked-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
---
cifs.upcall.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 678b140..2f7c478 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -634,33 +634,39 @@ icfk_cleanup:
#define CIFS_SERVICE_NAME "cifs"
static krb5_error_code check_service_ticket_exists(krb5_ccache ccache,
- const char *hostname) {
-
- krb5_error_code rc;
+ const char *hostname)
+{
krb5_creds mcreds, out_creds;
+ const char *errmsg;
+ krb5_error_code rc;
memset(&mcreds, 0, sizeof(mcreds));
rc = krb5_cc_get_principal(context, ccache, &mcreds.client);
if (rc) {
+ errmsg = krb5_get_error_message(context, rc);
syslog(LOG_DEBUG, "%s: unable to get client principal from cache: %s",
- __func__, krb5_get_error_message(context, rc));
+ __func__, errmsg);
+ krb5_free_error_message(context, errmsg);
return rc;
}
rc = krb5_sname_to_principal(context, hostname, CIFS_SERVICE_NAME,
KRB5_NT_UNKNOWN, &mcreds.server);
if (rc) {
+ errmsg = krb5_get_error_message(context, rc);
syslog(LOG_DEBUG, "%s: unable to convert service name (%s) to principal: %s",
- __func__, hostname, krb5_get_error_message(context, rc));
+ __func__, hostname, errmsg);
+ krb5_free_error_message(context, errmsg);
krb5_free_principal(context, mcreds.client);
return rc;
}
rc = krb5_timeofday(context, &mcreds.times.endtime);
if (rc) {
- syslog(LOG_DEBUG, "%s: unable to get time: %s",
- __func__, krb5_get_error_message(context, rc));
+ errmsg = krb5_get_error_message(context, rc);
+ syslog(LOG_DEBUG, "%s: unable to get time: %s", __func__, errmsg);
+ krb5_free_error_message(context, errmsg);
goto out_free_principal;
}
--
2.50.1
