From 99416eeeadb68984e80cc1fe85028d4bc796f981 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 29 Jun 2020 09:51:49 -0400 Subject: [PATCH] gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE _gsskrb5_init_sec_context() when called with GSS_C_NO_CREDENTIAL opens the default ccache and sets the CLOSE_CCACHE flag indicating that the ccache lifetime is tied to the gsskrb5_ctx. When _gsskrb5_delete_sec_context() is called, it must close the ccache if the CLOSE_CCACHE flag is set. Otherwise, the ccache resources will leak. Leaked since 39fe446983c0e70a0d11b8824684ad912c8e2206. Change-Id: I8d0faab1e844d68fe71b11b715f8d88fcd2f4af7 --- lib/gssapi/krb5/delete_sec_context.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/gssapi/krb5/delete_sec_context.c b/lib/gssapi/krb5/delete_sec_context.c index 83a66cc0c..a4800791e 100644 --- a/lib/gssapi/krb5/delete_sec_context.c +++ b/lib/gssapi/krb5/delete_sec_context.c @@ -75,6 +75,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status, krb5_data_free(&ctx->fwd_data); if (ctx->crypto) krb5_crypto_destroy(context, ctx->crypto); + if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE)) + krb5_cc_close(context, ctx->ccache); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);