kadmin: Fix leak of dup context

2022-03-23 23:39:21 -05:00
parent 990250e462
commit 6b64ae2cde
5 changed files with 13 additions and 1 deletions
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -158,6 +158,7 @@ cpw_entry(struct passwd_options *opt, int argc, char **argv)
    int num;
    krb5_key_data key_data[3];

+    data.kadm_handle = NULL;
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    if (ret)
        krb5_err(context, 1, ret, "Could not duplicate kadmin connection");
--- a/kadmin/del.c
+++ b/kadmin/del.c
@@ -47,7 +47,7 @@ del_entry(void *opt, int argc, char **argv)
    krb5_error_code ret = 0;
    void *dup_kadm_handle = NULL;

-    ret = kadm5_dup_context(kadm_handle, &kadm_handle);
+    ret = kadm5_dup_context(kadm_handle, &dup_kadm_handle);

    for (i = 0; ret == 0 && i < argc; i++)
 	ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
--- a/kadmin/ext.c
+++ b/kadmin/ext.c
@@ -160,6 +160,7 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
    const char *enctypes;
    size_t i;

+    data.kadm_handle = NULL;
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    if (ret)
        krb5_err(context, 1, ret, "Could not duplicate kadmin connection");
--- a/kadmin/get.c
+++ b/kadmin/get.c
@@ -592,6 +592,7 @@ getit(struct get_options *opt, const char *name, int argc, char **argv)
    if (opt->terse_flag)
        return listit(name, opt->upto_integer, argc, argv);

+    data.kadm_handle = NULL;
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    if (ret)
        krb5_err(context, 1, ret, "Could not duplicate kadmin connection");
--- a/kadmin/mod.c
+++ b/kadmin/mod.c
@@ -406,6 +406,7 @@ mod_entry(struct modify_options *opt, int argc, char **argv)
    struct mod_data data;
    int i;

+    data.kadm_handle = NULL;
    data.opt_ns_kr = NULL;
    data.opt_ns = NULL;
    data.opt = opt;
@@ -413,6 +414,8 @@ mod_entry(struct modify_options *opt, int argc, char **argv)
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    for (i = 0; ret == 0 && i < argc; i++)
 	ret = foreach_principal(argv[i], do_mod_entry, "mod", &data);
+    if (data.kadm_handle)
+        kadm5_destroy(data.kadm_handle);
    return ret != 0;
 }

@@ -469,6 +472,7 @@ modify_namespace(struct modify_namespace_options *opt, int argc, char **argv)
    struct mod_data data;
    int i;

+    data.kadm_handle = NULL;
    data.opt_ns_kr = NULL;
    data.opt_ns = opt;
    data.opt = NULL;
@@ -476,6 +480,8 @@ modify_namespace(struct modify_namespace_options *opt, int argc, char **argv)
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    for (i = 0; ret == 0 && i < argc; i++)
 	ret = foreach_principal(argv[i], do_mod_ns_entry, "mod_ns", &data);
+    if (data.kadm_handle)
+        kadm5_destroy(data.kadm_handle);
    return ret != 0;
 }

@@ -690,6 +696,7 @@ modify_ns_kr(struct modify_namespace_key_rotation_options *opt,
    struct mod_data data;
    int i;

+    data.kadm_handle = NULL;
    data.opt_ns_kr = opt;
    data.opt_ns = NULL;
    data.opt = NULL;
@@ -697,6 +704,8 @@ modify_ns_kr(struct modify_namespace_key_rotation_options *opt,
    ret = kadm5_dup_context(kadm_handle, &data.kadm_handle);
    for (i = 0; ret == 0 && i < argc; i++)
 	ret = foreach_principal(argv[i], do_mod_ns_kr, "mod_ns", opt);
+    if (data.kadm_handle)
+        kadm5_destroy(data.kadm_handle);
    return ret != 0;
 }