X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-distro%2Frecipes-security%2Fgssproxy%2Ffiles%2FFix-most-memory-leaks.patch;fp=meta-starlingx%2Fmeta-stx-distro%2Frecipes-security%2Fgssproxy%2Ffiles%2FFix-most-memory-leaks.patch;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=f4a83d3f744497ea2f03d593628a8c92d9ef7b8c;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git diff --git a/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Fix-most-memory-leaks.patch b/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Fix-most-memory-leaks.patch deleted file mode 100644 index f4a83d3..0000000 --- a/meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Fix-most-memory-leaks.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 9f9ab1e13c72b7c1fd06b6ba085ba2853bb9c3ca Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Thu, 29 Jun 2017 10:59:46 -0400 -Subject: [PATCH] Fix most memory leaks - -Signed-off-by: Alexander Scheel -[rharwood@redhat.com: commit message, whitespace] -Reviewed-by: Robbie Harwood -Merges: #203 -Related: #176 -(cherry picked from commit 470cf4d745d57f0597124a35b2faf86ba1107bb5) -[rharwood@redhat.com: backport around missing program support] ---- - proxy/src/gp_config.c | 1 + - proxy/src/gp_creds.c | 2 ++ - proxy/src/gp_export.c | 3 ++- - proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++----- - proxy/src/gssproxy.c | 42 +++++++++++++++++++++++--------- - proxy/src/mechglue/gpp_context.c | 2 ++ - proxy/tests/t_acquire.c | 3 +++ - 7 files changed, 51 insertions(+), 19 deletions(-) - -diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c -index a671333..b4ab90c 100644 ---- a/proxy/src/gp_config.c -+++ b/proxy/src/gp_config.c -@@ -75,6 +75,7 @@ static void gp_service_free(struct gp_service *svc) - free_cred_store_elements(&svc->krb5.store); - gp_free_creds_handle(&svc->krb5.creds_handle); - } -+ free(svc->socket); - SELINUX_context_free(svc->selinux_ctx); - memset(svc, 0, sizeof(struct gp_service)); - } -diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c -index fdc6bdf..2cb4ce7 100644 ---- a/proxy/src/gp_creds.c -+++ b/proxy/src/gp_creds.c -@@ -1049,6 +1049,8 @@ uint32_t gp_count_tickets(uint32_t *min, gss_cred_id_t cred, uint32_t *ccsum) - goto done; - } - -+ krb5_free_cred_contents(context, &creds); -+ - /* TODO: Should we do a real checksum over all creds->ticket data and - * flags in future ? */ - (*ccsum)++; -diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c -index 4e081df..ab08bb7 100644 ---- a/proxy/src/gp_export.c -+++ b/proxy/src/gp_export.c -@@ -47,7 +47,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, - krb5_keytab ktid = NULL; - krb5_kt_cursor cursor; - krb5_keytab_entry entry; -- krb5_enctype *permitted; -+ krb5_enctype *permitted = NULL; - uint32_t ret_maj = 0; - uint32_t ret_min = 0; - int ret; -@@ -127,6 +127,7 @@ uint32_t gp_init_creds_with_keytab(uint32_t *min, const char *svc_name, - ret_maj = GSS_S_COMPLETE; - - done: -+ krb5_free_enctypes(handle->context, permitted); - if (ktid) { - (void)krb5_kt_close(handle->context, ktid); - } -diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c -index fcb4fbe..7ddb427 100644 ---- a/proxy/src/gp_rpc_acquire_cred.c -+++ b/proxy/src/gp_rpc_acquire_cred.c -@@ -130,17 +130,18 @@ int gp_acquire_cred(struct gp_call_ctx *gpcall, - } - } - -- acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); -- if (!acr->output_cred_handle) { -- ret_maj = GSS_S_FAILURE; -- ret_min = ENOMEM; -- goto done; -- } - - if (out_cred == in_cred) { - acr->output_cred_handle = aca->input_cred_handle; - aca->input_cred_handle = NULL; - } else { -+ acr->output_cred_handle = calloc(1, sizeof(gssx_cred)); -+ if (!acr->output_cred_handle) { -+ ret_maj = GSS_S_FAILURE; -+ ret_min = ENOMEM; -+ goto done; -+ } -+ - ret_maj = gp_export_gssx_cred(&ret_min, gpcall, - &out_cred, acr->output_cred_handle); - if (ret_maj) { -@@ -154,6 +155,10 @@ done: - - GPRPCDEBUG(gssx_res_acquire_cred, acr); - -+ if (add_out_cred != &in_cred && add_out_cred != &out_cred) -+ gss_release_cred(&ret_min, add_out_cred); -+ if (in_cred != out_cred) -+ gss_release_cred(&ret_min, &in_cred); - gss_release_cred(&ret_min, &out_cred); - gss_release_oid_set(&ret_min, &use_mechs); - gss_release_oid_set(&ret_min, &desired_mechs); -diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c -index a020218..5c5937d 100644 ---- a/proxy/src/gssproxy.c -+++ b/proxy/src/gssproxy.c -@@ -157,7 +157,7 @@ int main(int argc, const char *argv[]) - verto_ctx *vctx; - verto_ev *ev; - int wait_fd; -- int ret; -+ int ret = -1; - - struct poptOption long_options[] = { - POPT_AUTOHELP -@@ -187,13 +187,17 @@ int main(int argc, const char *argv[]) - fprintf(stderr, "\nInvalid option %s: %s\n\n", - poptBadOption(pc, 0), poptStrerror(opt)); - poptPrintUsage(pc, stderr, 0); -- return 1; -+ -+ ret = 1; -+ goto cleanup; - } - } - - if (opt_version) { - puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION); -- return 0; -+ poptFreeContext(pc); -+ ret = 0; -+ goto cleanup; - } - - if (opt_debug || opt_debug_level > 0) { -@@ -204,7 +208,8 @@ int main(int argc, const char *argv[]) - if (opt_daemon && opt_interactive) { - fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n"); - poptPrintUsage(pc, stderr, 0); -- return 1; -+ ret = 0; -+ goto cleanup; - } - - if (opt_interactive) { -@@ -218,7 +223,8 @@ int main(int argc, const char *argv[]) - opt_config_socket, - opt_daemon); - if (!gpctx->config) { -- exit(EXIT_FAILURE); -+ ret = EXIT_FAILURE; -+ goto cleanup; - } - - init_server(gpctx->config->daemonize, &wait_fd); -@@ -229,7 +235,8 @@ int main(int argc, const char *argv[]) - if (!vctx) { - fprintf(stderr, "Failed to initialize event loop. " - "Is there at least one libverto backend installed?\n"); -- return 1; -+ ret = 1; -+ goto cleanup; - } - gpctx->vctx = vctx; - -@@ -237,12 +244,13 @@ int main(int argc, const char *argv[]) - ev = verto_add_signal(vctx, VERTO_EV_FLAG_PERSIST, hup_handler, SIGHUP); - if (!ev) { - fprintf(stderr, "Failed to register SIGHUP handler with verto!\n"); -- return 1; -+ ret = 1; -+ goto cleanup; - } - - ret = init_sockets(vctx, NULL); - if (ret != 0) { -- return ret; -+ goto cleanup; - } - - /* We need to tell nfsd that GSS-Proxy is available before it starts, -@@ -256,12 +264,14 @@ int main(int argc, const char *argv[]) - - ret = drop_privs(gpctx->config); - if (ret) { -- exit(EXIT_FAILURE); -+ ret = EXIT_FAILURE; -+ goto cleanup; - } - - ret = gp_workers_init(gpctx); - if (ret) { -- exit(EXIT_FAILURE); -+ ret = EXIT_FAILURE; -+ goto cleanup; - } - - verto_run(vctx); -@@ -271,9 +281,17 @@ int main(int argc, const char *argv[]) - - fini_server(); - -- poptFreeContext(pc); - - free_config(&gpctx->config); -+ free(gpctx); - -- return 0; -+ ret = 0; -+ -+cleanup: -+ poptFreeContext(pc); -+ free(opt_config_file); -+ free(opt_config_dir); -+ free(opt_config_socket); -+ -+ return ret; - } -diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c -index 2f41e4f..69e69e0 100644 ---- a/proxy/src/mechglue/gpp_context.c -+++ b/proxy/src/mechglue/gpp_context.c -@@ -362,6 +362,8 @@ OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status, - } - } - -+ free(ctx); -+ - return rmaj; - } - -diff --git a/proxy/tests/t_acquire.c b/proxy/tests/t_acquire.c -index 2bb7706..5334565 100644 ---- a/proxy/tests/t_acquire.c -+++ b/proxy/tests/t_acquire.c -@@ -132,5 +132,8 @@ done: - gss_release_buffer(&ret_min, &in_token); - gss_release_buffer(&ret_min, &out_token); - gss_release_cred(&ret_min, &cred_handle); -+ gss_release_name(&ret_min, &target_name); -+ gss_delete_sec_context(&ret_min, &init_ctx, GSS_C_NO_BUFFER); -+ gss_delete_sec_context(&ret_min, &accept_ctx, GSS_C_NO_BUFFER); - return ret; - }