Red Hat Bugzilla – Bug 173681
[PATCH] pam_krb5 leaks file descriptor
Last modified: 2007-11-30 17:07:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1
Description of problem:
When the 'validate' flag is given to pam_krb5 in the PAM configuration, pam_krb5 leaks a file descriptor.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Enable validate for pam_krb5
2. Use pam_krb5 in a process that doesn't die after using PAM (like saslauthd)
3. Use lsof to verify that the file descriptor is being leaked
Actual Results: One file descriptor is leaked per authentication.
Expected Results: No files should be leaked.
Created attachment 121256 [details]
Fixes file descriptor leak
Note to self: the file handle is stored in the krb5_keytab structure, and the
call to krb5_verify_init_creds overwrites the one we're using when it creates
its own cursor.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.