krb5-gssapi: Delete the GSS-API context.

This fixes a memory leak related to the GSS-API code. Added a krb5_init and krb5_end functions. Also removed a work-around the lack of proper initialization of the GSS-API context.
2010-10-02 00:33:24 -07:00 · 2010-10-02 00:33:24 -07:00 · 4b69f641a6
commit 4b69f641a6
parent 2ae6c47d5d
2 changed files with 26 additions and 3 deletions
--- a/lib/ftp.c
+++ b/lib/ftp.c
@ -3860,6 +3860,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn)

  Curl_pp_disconnect(pp);

+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  Curl_sec_end(conn);
+#endif
+
  return CURLE_OK;
 }

--- a/lib/krb5.c
+++ b/lib/krb5.c
@ -75,10 +75,19 @@
 #define LOCAL_ADDR (&conn->local_addr)
 #define REMOTE_ADDR conn->ip_addr->ai_addr

+static int
+krb5_init(void *app_data)
+{
+  gss_ctx_id_t *context = app_data;
+  /* Make sure our context is initialized for krb5_end. */
+  *context = GSS_C_NO_CONTEXT;
+  return 0;
+}
+
 static int
 krb5_check_prot(void *app_data, int level)
 {
-  app_data = NULL; /* prevent compiler warning */
+  (void)app_data; /* unused */
  if(level == prot_confidential)
    return -1;
  return 0;
@ -309,12 +318,22 @@ krb5_auth(void *app_data, struct connectdata *conn)
  }
 }

+static void krb5_end(void *app_data)
+{
+    OM_uint32 maj, min;
+    gss_ctx_id_t *context = app_data;
+    if (*context != GSS_C_NO_CONTEXT) {
+      maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+      DEBUGASSERT(maj == GSS_S_COMPLETE);
+    }
+}
+
 struct Curl_sec_client_mech Curl_krb5_client_mech = {
    "GSSAPI",
    sizeof(gss_ctx_id_t),
-    NULL, /* init */
+    krb5_init,
    krb5_auth,
-    NULL, /* end */
+    krb5_end,
    krb5_check_prot,
    krb5_overhead,
    krb5_encode,