| Message ID | 20250415162052.361258-1-pc@manguebit.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | cifs.upcall: fix memory leaks in check_service_ticket_exits() | expand |
Have added to cifs-utils for-next (and also https://github.com/smfrench/smb3-utils/tree/for-next) after minor whitespace cleanup, and added Acked-by for Bharath Good catch On Tue, Apr 15, 2025 at 11:20 AM Paulo Alcantara <pc@manguebit.com> wrote: > > The error message returned by krb5_get_error_message() must be freed > using krb5_free_error_message(). > > Fixes: af76bf2a11a0 ("cifs-utils: Skip TGT check if valid service ticket is already available") > Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com> > --- > cifs.upcall.c | 20 +++++++++++++------- > 1 file changed, 13 insertions(+), 7 deletions(-) > > diff --git a/cifs.upcall.c b/cifs.upcall.c > index 678b1402d2ba..97ab4ec88fbc 100644 > --- a/cifs.upcall.c > +++ b/cifs.upcall.c > @@ -634,33 +634,39 @@ icfk_cleanup: > #define CIFS_SERVICE_NAME "cifs" > > static krb5_error_code check_service_ticket_exists(krb5_ccache ccache, > - const char *hostname) { > - > - krb5_error_code rc; > + const char *hostname) > +{ > krb5_creds mcreds, out_creds; > + const char *errmsg; > + krb5_error_code rc; > > memset(&mcreds, 0, sizeof(mcreds)); > > rc = krb5_cc_get_principal(context, ccache, &mcreds.client); > if (rc) { > + errmsg = krb5_get_error_message(context, rc); > syslog(LOG_DEBUG, "%s: unable to get client principal from cache: %s", > - __func__, krb5_get_error_message(context, rc)); > + __func__, errmsg); > + krb5_free_error_message(context, errmsg); > return rc; > } > > rc = krb5_sname_to_principal(context, hostname, CIFS_SERVICE_NAME, > KRB5_NT_UNKNOWN, &mcreds.server); > if (rc) { > + errmsg = krb5_get_error_message(context, rc); > syslog(LOG_DEBUG, "%s: unable to convert service name (%s) to principal: %s", > - __func__, hostname, krb5_get_error_message(context, rc)); > + __func__, hostname, errmsg); > + krb5_free_error_message(context, errmsg); > krb5_free_principal(context, mcreds.client); > return rc; > } > > rc = krb5_timeofday(context, &mcreds.times.endtime); > if (rc) { > - syslog(LOG_DEBUG, "%s: unable to get time: %s", > - __func__, krb5_get_error_message(context, rc)); > + errmsg = krb5_get_error_message(context, rc); > + syslog(LOG_DEBUG, "%s: unable to get time: %s", __func__, errmsg); > + krb5_free_error_message(context, errmsg); > goto out_free_principal; > } > > -- > 2.49.0 >
diff --git a/cifs.upcall.c b/cifs.upcall.c index 678b1402d2ba..97ab4ec88fbc 100644 --- a/cifs.upcall.c +++ b/cifs.upcall.c @@ -634,33 +634,39 @@ icfk_cleanup: #define CIFS_SERVICE_NAME "cifs" static krb5_error_code check_service_ticket_exists(krb5_ccache ccache, - const char *hostname) { - - krb5_error_code rc; + const char *hostname) +{ krb5_creds mcreds, out_creds; + const char *errmsg; + krb5_error_code rc; memset(&mcreds, 0, sizeof(mcreds)); rc = krb5_cc_get_principal(context, ccache, &mcreds.client); if (rc) { + errmsg = krb5_get_error_message(context, rc); syslog(LOG_DEBUG, "%s: unable to get client principal from cache: %s", - __func__, krb5_get_error_message(context, rc)); + __func__, errmsg); + krb5_free_error_message(context, errmsg); return rc; } rc = krb5_sname_to_principal(context, hostname, CIFS_SERVICE_NAME, KRB5_NT_UNKNOWN, &mcreds.server); if (rc) { + errmsg = krb5_get_error_message(context, rc); syslog(LOG_DEBUG, "%s: unable to convert service name (%s) to principal: %s", - __func__, hostname, krb5_get_error_message(context, rc)); + __func__, hostname, errmsg); + krb5_free_error_message(context, errmsg); krb5_free_principal(context, mcreds.client); return rc; } rc = krb5_timeofday(context, &mcreds.times.endtime); if (rc) { - syslog(LOG_DEBUG, "%s: unable to get time: %s", - __func__, krb5_get_error_message(context, rc)); + errmsg = krb5_get_error_message(context, rc); + syslog(LOG_DEBUG, "%s: unable to get time: %s", __func__, errmsg); + krb5_free_error_message(context, errmsg); goto out_free_principal; }
The error message returned by krb5_get_error_message() must be freed using krb5_free_error_message(). Fixes: af76bf2a11a0 ("cifs-utils: Skip TGT check if valid service ticket is already available") Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com> --- cifs.upcall.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)