krb5_get_init_creds_keytab() leaks memory

Solution Unverified - Updated -

Environment

  • krb5-libs-1.10.3-10.el6.x86_64
  • Red Hat Enterprise Linux 6

Issue

Function lookup_etypes_for_keytab() in krb5-libs leaks memory while working with keytab.

Steps to Reproduce the issue:

  1. Create program with krb5_get_init_creds_keytab()
  2. Call the program on keytab file with big amount of amount of keys
  3. Use valgrind to check your program

Actual results:
Output from Valgrind.

==10215==    at 0x4C279EE: malloc (vg_replace_malloc.c:270)
==10215==    by 0x742FEA3: krb5_ktfileint_internal_read_entry (kt_file.c:1253)
==10215==    by 0x7431E34: krb5_ktfile_get_next (kt_file.c:1414)
==10215==    by 0x7443CF0: krb5_init_creds_set_keytab (gic_keytab.c:101)
==10215==    by 0x744409D: get_init_creds_keytab (gic_keytab.c:242)
==10215==    by 0x74441B2: krb5_get_init_creds_keytab (gic_keytab.c:284)
==10215==    by 0xAF67D6A: get_krb5_tgt (krb5_helper.c:176)
==10215==    by 0xAF6D148: ldap_connect (ldap_helper.c:2284)
==10215==    by 0xAF759F8: new_ldap_instance (ldap_helper.c:3099)
==10215==    by 0xAF79A1D: manager_create_db_instance (zone_manager.c:152)
==10215==    by 0xAF696AC: dynamic_driver_init (ldap_driver.c:1364)
==10215==    by 0x508FDE5: dns_dynamic_db_load (dynamic_db.c:232)

Resolution

This issue has been addressed in version 1.10.3-10.el6_4.4, update krb5-libs (and depended) packages to the above version to fix the issue.

Root Cause

When the application lookup_etypes_for_keytab() function in krb5-libs attempted to use a keytab file to obtain initial credentials from a KDC, as a preliminary step, it enumerated the set of keys in the keytab to determine which types of keys it possessed. While doing so, it leaked memory. This update adds a krb5_kt_free_entry() call in this loop, and memory leaks no longer occur in the described scenario.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments