Fix memory leak with the Squid Kerberos authentication helper.

from Markus Moelle via Matthias Pitzl
2018-09-18 11:39:08 +00:00 · 2018-09-18 11:39:08 +00:00 · a11425a6ab
commit a11425a6ab
parent 00ef8c395d
3 changed files with 39 additions and 2 deletions
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.31 2018/08/15 14:21:29 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.32 2018/09/18 11:39:08 ajacoutot Exp $

 COMMENT-main=		Kerberos 5 implementation
 COMMENT-devel-docs=	Heimdal C functions documentation
@ -12,7 +12,7 @@ PKGNAME-devel-docs=	heimdal-devel-docs-${V}
 PKGNAME-libs=		heimdal-libs-${V}

 REVISION-main=		1
-REVISION-libs=		1
+REVISION-libs=		2

 CATEGORIES=		security net

--- a/security/heimdal/patches/patch-lib_gssapi_ntlm_acquire_cred_c
+++ b/security/heimdal/patches/patch-lib_gssapi_ntlm_acquire_cred_c
@ -0,0 +1,20 @@
+$OpenBSD: patch-lib_gssapi_ntlm_acquire_cred_c,v 1.1 2018/09/18 11:39:08 ajacoutot Exp $
+
+Fix memory leak with the Squid Kerberos authentication helper.
+
+Index: lib/gssapi/ntlm/acquire_cred.c
+--- lib/gssapi/ntlm/acquire_cred.c.orig
+++ lib/gssapi/ntlm/acquire_cred.c
+@@ -58,8 +58,11 @@ _gss_ntlm_acquire_cred(OM_uint32            *min_stat,
+     if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
+ 
+ 	maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
+-	if (maj_stat != GSS_S_COMPLETE)
+	if (maj_stat != GSS_S_COMPLETE) {
+	    if (ctx)
+		free(ctx);
+ 	    return maj_stat;
+	}
+ 
+         domain = name != NULL ? name->domain : NULL;
+ 	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
--- a/security/heimdal/patches/patch-lib_krb5_context_c
+++ b/security/heimdal/patches/patch-lib_krb5_context_c
@ -0,0 +1,17 @@
+$OpenBSD: patch-lib_krb5_context_c,v 1.1 2018/09/18 11:39:08 ajacoutot Exp $
+
+Fix memory leak with the Squid Kerberos authentication helper.
+
+Index: lib/krb5/context.c
+--- lib/krb5/context.c.orig
+++ lib/krb5/context.c
+@@ -622,6 +622,9 @@ krb5_free_context(krb5_context context)
+     free(context->etypes);
+     free(context->cfg_etypes);
+     free(context->etypes_des);
+    free(context->permitted_enctypes);
+    free(context->tgs_etypes);
+    free(context->as_etypes);
+     krb5_free_host_realm (context, context->default_realms);
+     krb5_config_file_free (context, context->cf);
+     free_error_table (context->et_list);