Bug 15812 - Ticket encryption types are not deallocated
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.19.9
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jennifer Sutton
QA Contact: Samba QA Contact
Reported: 2025-02-21 10:56 UTC by Ivan Korytov
Modified: 2025-02-23 23:32 UTC

Description Ivan Korytov 2025-02-21 10:56:49 UTC
The function sdb_entry_set_etypes allocates s->etypes->val, and it is not deallocated in sdb_entry_free as is done with s->session_etypes->val.

Each user request for a ticket leaks this structure.

Example of a Valgrind report on this leak (on an older version of Samba):

> ==45048== 27,000 bytes in 2,250 blocks are definitely lost in loss record 286 of 318
> ==45048==    at 0x48399A2: calloc (vg_replace_malloc.c:762)
> ==45048==    by 0x8D46DCF: sdb_entry_set_etypes (sdb.c:151)
> ==45048==    by 0x8D48A9D: samba_kdc_message2entry (db-glue.c:1435)
> ==45048==    by 0x8D4A512: samba_kdc_fetch_client (db-glue.c:2181)
> ==45048==    by 0x8D4A512: samba_kdc_fetch (db-glue.c:2772)
> ==45048==    by 0x8CDFA0E: hdb_samba4_fetch_kvno (hdb-samba4.c:260)
> ==45048==    by 0x8D00842: fetch_it (common.c:1508)
> ==45048==    by 0x8D00842: hdb_fetch_kvno (common.c:1623)
> ==45048==    by 0x8D2881E: _kdc_db_fetch (misc.c:191)
> ==45048==    by 0x8D1D75E: _kdc_as_rep (kerberos5.c:2183)
> ==45048==    by 0x8D28E86: kdc_as_req (process.c:254)
> ==45048==    by 0x8D29715: process_request (process.c:394)
> ==45048==    by 0x8D29953: krb5_kdc_process_krb5_request (process.c:459)
> ==45048==    by 0x8CD164C: kdc_process (kdc-heimdal.c:84)
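
The leak pattern described in the report, as an added example that is not part of the original bug report and is not Samba's code: a simplified model in which the free routine releases `session_etypes->val` but not `etypes->val`, next to the corrected form. The `model_*` names, the allocation counter and the three-value arrays are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the fields named in the report; not Samba's definitions. */
struct model_etypes { unsigned len; unsigned *val; };
struct model_entry { struct model_etypes *etypes, *session_etypes; };

static long live_blocks; /* heap blocks allocated and not yet freed */
static void *counted_calloc(size_t n, size_t size) {
    void *p = calloc(n, size);
    if (p != NULL) live_blocks++;
    return p;
}
static void counted_free(void *p) { if (p != NULL) { live_blocks--; free(p); } }

/* Allocates the val array and, in this model, its container. */
static struct model_etypes *model_set_etypes(unsigned len) {
    struct model_etypes *e = counted_calloc(1, sizeof(*e));
    if (e == NULL) return NULL;
    e->val = counted_calloc(len, sizeof(*e->val));
    if (e->val == NULL) { counted_free(e); return NULL; }
    e->len = len;
    return e;
}

/* fixed == 0: only session_etypes->val is freed (the reported behaviour).
 * fixed != 0: etypes->val is freed too, mirroring the session_etypes path. */
static void model_entry_free(struct model_entry *s, int fixed) {
    if (s->session_etypes != NULL) counted_free(s->session_etypes->val);
    counted_free(s->session_etypes);
    if (fixed && s->etypes != NULL) counted_free(s->etypes->val);
    counted_free(s->etypes);
    s->etypes = s->session_etypes = NULL;
}

/* Runs `requests` simulated lookups; returns blocks still live afterwards. */
long leaked_blocks(int requests, int fixed) {
    live_blocks = 0;
    for (int i = 0; i < requests; i++) {
        struct model_entry s = { model_set_etypes(3), model_set_etypes(3) };
        model_entry_free(&s, fixed); /* 3 values per array is constructed */
    }
    return live_blocks;
}

int main(void) {
    printf("unfixed: %ld leaked, fixed: %ld leaked\n",
           leaked_blocks(2250, 0), leaked_blocks(2250, 1));
    return 0;
}
```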