Bug 238020

Summary: Memory leak in function gss_release_oid_set in crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c
Product: Base System Reporter: Young <yangx92>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Many People Keywords: patch
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Description Flags
Proposed patch none

Description Young 2019-05-21 12:34:19 UTC
Created attachment 204507 [details]
Proposed patch

There is a memory leak in gss_release_oid_set in crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c

gss_release_oid_set(OM_uint32 *minor_status,
    gss_OID_set *set)

        *minor_status = 0;
        if (set && *set) {
                if ((*set)->elements)
                *set = GSS_C_NO_OID_SET;
        return (GSS_S_COMPLETE);

typedef struct gss_OID_desc_struct {
      OM_uint32 length;
      void      *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc * gss_const_OID;

typedef struct gss_OID_set_desc_struct  {
      size_t     count;
      gss_OID    elements;
} gss_OID_set_desc, *gss_OID_set;

Since set is the pointer that points to gss_OID_set, then *set is the pointer that points to gss_OID_set_desc. There are two elements in the struct named count and elements. And elements is the pointer that points to gss_OID_desc. There are two elements named length and *elements. Therefore, we should free all elements in gss_OID_desc.

set -> gss_OID_set -> gss_OID_set_desc |count   |
                                       |elements| -> gss_OID_desc | length    |
                                                                  | *elements |

The attachment is the proposed patch.