#608 Memory leak in create_user_from_session

closed
nobody
None
7
2015-02-12
2006-01-16
No

This goes for version 5.2 and 5.3. Did not check
earlier versions.

In create_user_from_session you have

    if (session->securityAuthLocalKey != NULL
        && session->securityAuthLocalKeyLen != 0) {
        /* already localized key passed in.  use it */
        if (memdup(&user->authKey, session->securityAuthLocalKey,
                   session->securityAuthLocalKeyLen) != SNMPERR_SUCCESS) {
            usm_free_user(user);
            return SNMPERR_GENERR;
        }
        user->authKeyLen = session->securityAuthLocalKeyLen;
    } else if (session->securityAuthKey != NULL
               && session->securityAuthKeyLen != 0) {
        SNMP_FREE(user->authKey);
        user->authKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK);
        ...

Note that this code is reached in case the usmUser is
found in the list, and therefore user->authKey was
previously allocated. Therefore there should be an
SNMP_FREE before the memdup is used, the same as there
is an SNMP_FREE before the "calloc".

The same goes for both authKey and privKey.

I checked it with purify and after adding the
SNMP_FREE the issue was resolved.

Here is the revised code:

    if (session->securityAuthLocalKey != NULL
        && session->securityAuthLocalKeyLen != 0) {
        /* already localized key passed in.  use it */
        SNMP_FREE(user->authKey);
        if (memdup(&user->authKey, session->securityAuthLocalKey,
                   session->securityAuthLocalKeyLen) != SNMPERR_SUCCESS) {
            usm_free_user(user);
            return SNMPERR_GENERR;
        }
        user->authKeyLen = session->securityAuthLocalKeyLen;
    } else if (session->securityAuthKey != NULL
               && session->securityAuthKeyLen != 0) {
        SNMP_FREE(user->authKey);
        user->authKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK);
        ...
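
Added example, not part of the original report and not net-snmp code: a self-contained C model of the leak described above and of the revised code, with a block counter taking the place of purify. The names `demo_user`, `demo_memdup`, `set_local_key` and `leaked_after` are hypothetical stand-ins, and the behaviour of `memdup` (overwriting the destination pointer with a fresh copy) is assumed from how the report uses it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the names in the report; not net-snmp code. */
typedef unsigned char u_char;
struct demo_user { u_char *authKey; size_t authKeyLen; };

static long live_blocks;               /* heap blocks allocated and not yet freed */

static void counted_free(void *p) { if (p != NULL) { free(p); live_blocks--; } }

/* Assumed contract of memdup() as used in the report: *to is overwritten
 * with a fresh copy, whatever it pointed at before. */
static int demo_memdup(u_char **to, const u_char *from, size_t len)
{
    *to = malloc(len);
    if (*to == NULL) return -1;
    live_blocks++;
    memcpy(*to, from, len);
    return 0;
}

/* The "already localized key" branch: free_first=0 models the original
 * code, free_first=1 the revised code with the free before the copy. */
static int set_local_key(struct demo_user *u, const u_char *key, size_t len, int free_first)
{
    if (free_first) { counted_free(u->authKey); u->authKey = NULL; }
    if (demo_memdup(&u->authKey, key, len) != 0) return -1;
    u->authKeyLen = len;
    return 0;
}

/* Run the branch `sessions` times against one existing user, release the
 * user once, and return the number of blocks that were never freed. */
long leaked_after(int sessions, int free_first)
{
    static const u_char key[20] = "constructed-key";   /* constructed sample key */
    struct demo_user u = { NULL, 0 };
    live_blocks = 0;
    for (int i = 0; i < sessions; i++)
        if (set_local_key(&u, key, sizeof key, free_first) != 0) break;
    counted_free(u.authKey);           /* stands in for the final user cleanup */
    return live_blocks;
}

int main(void)
{
    printf("original, 3 sessions: %ld leaked\n", leaked_after(3, 0));
    printf("revised,  3 sessions: %ld leaked\n", leaked_after(3, 1));
    return 0;
}
```

With a single session the original branch leaks nothing in this model; the lost blocks appear only when the user already holds a key, and each one still contains a copy of the key bytes.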

Discussion

  • Thomas Anders

    Thomas Anders - 2006-01-16

    Logged In: YES
    user_id=848638

    Moved to patches.

     
  • Dave Shield

    Dave Shield - 2006-01-24

    Logged In: YES
    user_id=88893

    Thanks for the patch! It has been applied to the 5.2.x
    and 5.3.x code branches and the main development tree,
    and will appear in future releases of the net-snmp package.

     