oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE

Browse Source 
_gsskrb5_init_sec_context() when called with GSS_C_NO_CREDENTIAL
opens the default ccache and sets the CLOSE_CCACHE flag indicating
that the ccache lifetime is tied to the gsskrb5_ctx.   When
_gsskrb5_delete_sec_context() is called, it must close the ccache
if the CLOSE_CCACHE flag is set.  Otherwise, the ccache resources
will leak.

Leaked since 39fe446983.

Change-Id: I8d0faab1e844d68fe71b11b715f8d88fcd2f4af7
This commit is contained in:
Jeffrey Altman
2020-06-29 09:51:49 -04:00
committed by Jeffrey Altman
parent 226a3ba7d7
commit 99416eeead
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/gssapi/krb5/delete_sec_context.c
View File

@@ -75,6 +75,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status,
krb5_data_free(&ctx->fwd_data);
if (ctx->crypto)
krb5_crypto_destroy(context, ctx->crypto);
if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))
krb5_cc_close(context, ctx->ccache);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);