From 4b69f641a6aea8027e948d3e08ccffda307059b5 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sat, 2 Oct 2010 00:33:24 -0700 Subject: krb5-gssapi: Delete the GSS-API context. This fixes a memory leak related to the GSS-API code. Added a krb5_init and krb5_end functions. Also removed a work-around the lack of proper initialization of the GSS-API context. --- lib/ftp.c | 4 ++++ lib/krb5.c | 25 ++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/ftp.c b/lib/ftp.c index f1376d730..60d951722 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -3860,6 +3860,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn) Curl_pp_disconnect(pp); +#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) + Curl_sec_end(conn); +#endif + return CURLE_OK; } diff --git a/lib/krb5.c b/lib/krb5.c index 28c6a2528..5658bf428 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -75,10 +75,19 @@ #define LOCAL_ADDR (&conn->local_addr) #define REMOTE_ADDR conn->ip_addr->ai_addr +static int +krb5_init(void *app_data) +{ + gss_ctx_id_t *context = app_data; + /* Make sure our context is initialized for krb5_end. */ + *context = GSS_C_NO_CONTEXT; + return 0; +} + static int krb5_check_prot(void *app_data, int level) { - app_data = NULL; /* prevent compiler warning */ + (void)app_data; /* unused */ if(level == prot_confidential) return -1; return 0; @@ -309,12 +318,22 @@ krb5_auth(void *app_data, struct connectdata *conn) } } +static void krb5_end(void *app_data) +{ + OM_uint32 maj, min; + gss_ctx_id_t *context = app_data; + if (*context != GSS_C_NO_CONTEXT) { + maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); + DEBUGASSERT(maj == GSS_S_COMPLETE); + } +} + struct Curl_sec_client_mech Curl_krb5_client_mech = { "GSSAPI", sizeof(gss_ctx_id_t), - NULL, /* init */ + krb5_init, krb5_auth, - NULL, /* end */ + krb5_end, krb5_check_prot, krb5_overhead, krb5_encode, -- cgit v1.2.3