Description of problem: gss_krb5_copy_ccache leaks a copy of each credential Version-Release number of selected component (if applicable): krb5-libs-1.3.4-27 How reproducible: Always Steps to Reproduce: 1. Use the function gss_krb5_copy_ccache 2. 3. Actual results: A copy of each credential has now been leaked Expected results: No leaked memory Additional info: src/lib/gssapi/krb5/copy_ccache.c invokes krb5_ccc_next_cred in a loop without freeing the returned credentials after storing them in the other cache. There seem to be no workaround. This has not been fixed upstream in krb5-1.5beta2
heimdal does the correct thing: while (ret == 0 && krb5_cc_next_cred_match(context, from, &cursor, &cred, whichfields, mcreds) == 0) { if (matched) (*matched)++; ret = krb5_cc_store_cred(context, to, &cred); krb5_free_cred_contents(context, &cred); } (from heimdal-0.7.2/lib/krb5/cache.c)
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.