15814 – Encrypted preauthentication data is not deallocated

Bug 15814 - Encrypted preauthentication data is not deallocated

Summary: Encrypted preauthentication data is not deallocated

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	4.19.9
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-02-21 11:36 UTC by Ivan Korytov
Modified:	2025-02-21 11:36 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ivan Korytov 2025-02-21 11:36:36 UTC

See also: https://bugzilla.samba.org/show_bug.cgi?id=15813

Memory that was allocated for r->ek.encrypted_pa_data for storing md.padata_value is never freed.

Example of Valgrind report on this leak (on older version of Samba):

> ==23583== 12,540 (4,560 direct, 7,980 indirect) bytes in 285 blocks are definitely lost in loss record 283 of 317
> ==23583==    at 0x48399A2: calloc (vg_replace_malloc.c:762)
> ==23583==    by 0x8D2A36E: kdc_request_add_encrypted_padata (kdc-plugin.c:438)
> ==23583==    by 0x8CCEE4B: samba_wdc_finalize_reply (wdc-samba4.c:980)
> ==23583==    by 0x6601BC5: eval_results (plugin.c:702)
> ==23583==    by 0x65F50EA: heim_array_iterate_f (array.c:260)
> ==23583==    by 0x6601F92: heim_plugin_run_f (plugin.c:776)
> ==23583==    by 0x5D54A7E: _krb5_plugin_run_f (plugin.c:156)
> ==23583==    by 0x8D2A17E: _kdc_finalize_reply (kdc-plugin.c:258)
> ==23583==    by 0x8D21495: tgs_make_reply (krb5tgs.c:788)
> ==23583==    by 0x8D21495: tgs_build_reply.isra.7 (krb5tgs.c:2037)