From b09f2fc4633a4955f2e54b2d6434e7f448c28029 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Fri, 13 Mar 2026 13:21:02 +0100 Subject: [PATCH 1/2] KRB5: fix mem leak in `authenticate_stored_users()` --- src/providers/krb5/krb5_delayed_online_authentication.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 1fac986a620..7f49e2e5975 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -160,6 +160,7 @@ static errno_t authenticate_stored_users( iter = new_hash_iter_context(deferred_auth_ctx->user_table); if (iter == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "new_hash_iter_context failed.\n"); + hash_destroy(uid_table); return EINVAL; } @@ -205,6 +206,7 @@ static errno_t authenticate_stored_users( } talloc_free(iter); + hash_destroy(uid_table); return EOK; } From 57137e13bb03ba862ebb2994f35a6e0d9a976b46 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 16 Mar 2026 12:29:54 +0100 Subject: [PATCH 2/2] UTIL: fix mem leak if `get_active_uid()` fails --- src/util/find_uid.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/util/find_uid.c b/src/util/find_uid.c index ddbab4ab968..eedbe58283b 100644 --- a/src/util/find_uid.c +++ b/src/util/find_uid.c @@ -422,7 +422,13 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) return ENOMEM; } - return get_active_uid(*table, 0); + ret = get_active_uid(*table, 0); + if (ret != EOK) { + hash_destroy(*table); + *table = NULL; + } + + return ret; } errno_t check_if_uid_is_active(uid_t uid, bool *result)