Bug 238020 - Memory leak in function gss_release_oid_set in crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c
Summary: Memory leak in function gss_release_oid_set in crypto/heimdal/lib/gssapi/mech...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
Keywords: patch
Depends on:
Reported: 2019-05-21 12:34 UTC by Young
Modified: 2019-05-24 15:32 UTC (History)
0 users

See Also:

Proposed patch (1.26 KB, application/mbox)
2019-05-21 12:34 UTC, Young
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Young 2019-05-21 12:34:19 UTC
Created attachment 204507 [details]
Proposed patch

There is a memory leak in gss_release_oid_set in crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c

gss_release_oid_set(OM_uint32 *minor_status,
    gss_OID_set *set)

        *minor_status = 0;
        if (set && *set) {
                if ((*set)->elements)
                *set = GSS_C_NO_OID_SET;
        return (GSS_S_COMPLETE);

typedef struct gss_OID_desc_struct {
      OM_uint32 length;
      void      *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc * gss_const_OID;

typedef struct gss_OID_set_desc_struct  {
      size_t     count;
      gss_OID    elements;
} gss_OID_set_desc, *gss_OID_set;

Since set is the pointer that points to gss_OID_set, then *set is the pointer that points to gss_OID_set_desc. There are two elements in the struct named count and elements. And elements is the pointer that points to gss_OID_desc. There are two elements named length and *elements. Therefore, we should free all elements in gss_OID_desc.

set -> gss_OID_set -> gss_OID_set_desc |count   |
                                       |elements| -> gss_OID_desc | length    |
                                                                  | *elements |

The attachment is the proposed patch.