Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-132622

Memory leak in krb5 in acquire_cred.c

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.2
    • rhel-9.6.z
    • krb5
    • None
    • None
    • Low
    • rhel-idm-uah
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      What is the impact of this issue to you?

      Memory leak reported by AddressSanitizer:

       =================================================================
==962450==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4a07 in __interceptor_malloc (/usr/lib64/libasan.so.6+0xb4a07)
    #1 0x7f938316ac9d in krb5_build_principal_alloc_va krb/bld_princ.c:124
    #2 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #3 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #4 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #5 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #6 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #7 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #8 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #9 0x7f9382f82df5 in get_available_mechs spnego/spnego_mech.c:3109
    #10 0x7f9382f82f10 in spnego_gss_acquire_cred_from spnego/spnego_mech.c:377
    #11 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #12 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #13 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #14 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #15 0x604007b2f0cf  (<unknown module>)

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4a07 in __interceptor_malloc (/usr/lib64/libasan.so.6+0xb4a07)
    #1 0x7f938316ac9d in krb5_build_principal_alloc_va krb/bld_princ.c:124
    #2 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #3 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #4 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #5 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #6 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #7 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #8 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #9 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #10 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #11 0x604007b2f0cf  (<unknown module>)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4a07 in __interceptor_malloc (/usr/lib64/libasan.so.6+0xb4a07)
    #1 0x7f938316aa38 in build_principal_va krb/bld_princ.c:56
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #11 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #12 0x604007b2f0cf  (<unknown module>)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4a07 in __interceptor_malloc (/usr/lib64/libasan.so.6+0xb4a07)
    #1 0x7f938316aa38 in build_principal_va krb/bld_princ.c:56
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f82df5 in get_available_mechs spnego/spnego_mech.c:3109
    #11 0x7f9382f82f10 in spnego_gss_acquire_cred_from spnego/spnego_mech.c:377
    #12 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #13 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #14 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #15 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #16 0x604007b2f0cf  (<unknown module>)

Indirect leak of 31 byte(s) in 2 object(s) allocated from:
    #0 0x7f938445baf7 in strdup (/usr/lib64/libasan.so.6+0x5baf7)
    #1 0x7f938316aad3 in build_principal_va krb/bld_princ.c:77
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f82df5 in get_available_mechs spnego/spnego_mech.c:3109
    #11 0x7f9382f82f10 in spnego_gss_acquire_cred_from spnego/spnego_mech.c:377
    #12 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #13 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #14 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #15 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #16 0x604007b2f0cf  (<unknown module>)

Indirect leak of 31 byte(s) in 2 object(s) allocated from:
    #0 0x7f938445baf7 in strdup (/usr/lib64/libasan.so.6+0x5baf7)
    #1 0x7f938316aad3 in build_principal_va krb/bld_princ.c:77
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #11 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #12 0x604007b2f0cf  (<unknown module>)

Indirect leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4bd7 in calloc (/usr/lib64/libasan.so.6+0xb4bd7)
    #1 0x7f938316aa55 in build_principal_va ccache/../../../include/k5-int.h:2282
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f82df5 in get_available_mechs spnego/spnego_mech.c:3109
    #11 0x7f9382f82f10 in spnego_gss_acquire_cred_from spnego/spnego_mech.c:377
    #12 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #13 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #14 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #15 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #16 0x604007b2f0cf  (<unknown module>)

Indirect leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f93844b4bd7 in calloc (/usr/lib64/libasan.so.6+0xb4bd7)
    #1 0x7f938316aa55 in build_principal_va ccache/../../../include/k5-int.h:2282
    #2 0x7f938316acba in krb5_build_principal_alloc_va krb/bld_princ.c:128
    #3 0x7f938316ad8b in krb5_build_principal (/lib64/libkrb5.so.3+0x44d8b)
    #4 0x7f9382f7fcef in kg_acceptor_princ krb5/naming_exts.c:165
    #5 0x7f9382f7fcef in acquire_accept_cred krb5/acquire_cred.c:199
    #6 0x7f9382f7fcef in acquire_cred_context.constprop.0 krb5/acquire_cred.c:845
    #7 0x7f9382f806a2 in acquire_cred_from.constprop.0.isra.0 krb5/acquire_cred.c:1320
    #8 0x7f9382f569ad in gss_add_cred_from mechglue/g_acquire_cred.c:493
    #9 0x7f9382f592f0 in gss_acquire_cred_from mechglue/g_acquire_cred.c:161
    #10 0x7f9382f595da in gss_acquire_cred (/lib64/libgssapi_krb5.so.2+0x1b5da)
    #11 0x7f937fb43563 in gssapi_server_mech_step (/usr/lib64/sasl2/libgssapiv2.so+0x5563)
    #12 0x604007b2f0cf  (<unknown module>)

SUMMARY: AddressSanitizer: 208 byte(s) leaked in 10 allocation(s).

      Please provide the package NVR for which the bug is seen:

      krb5-libs-1.21.1-8.el9_6.x86_64

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. On a fresh IPA instance move /etc/dirsrv/ds.keytab to /etc/dirsrv/ds.keytab.bak
      2. ldapsearch -Y GSS-SPNEGO -b "" -s base "(objectClass=*)"
      3. Under AddressSanitizer there will be leaks in /var/run/dirsrv/

      Expected results

      No leak

      Actual results

      Memory leak reported by AddressSanitizer

              jrische@redhat.com Julien Rische
              vashirov@redhat.com Viktor Ashirov
              Julien Rische Julien Rische
              Michal Polovka Michal Polovka
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: