Fix freenig of names in Kerberos when using MIT - need to use the

free function provided in the Kerberos library.
This fixes a very hard to track down heap corruption on windows
when using debug runtimes.

5 files changed, 87 insertions, 4 deletions

diff --git a/configure b/configure
index 6e9dfe69883..1f13896cb11 100755
--- a/configure
+++ b/configure
@@ -14398,6 +14398,64 @@ fi
 
 fi
 
+
+# Win32 requires headers to be loaded for __stdcall, so can't use
+# AC_CHECK_FUNCS here.
+  echo "$as_me:$LINENO: checking for krb5_free_unparsed_name" >&5
+echo $ECHO_N "checking for krb5_free_unparsed_name... $ECHO_C" >&6
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <krb5.h>
+int
+main ()
+{
+krb5_free_unparsed_name(NULL,NULL);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5_FREE_UNPARSED_NAME 1
+_ACEOF
+
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
 fi
 
 
diff --git a/configure.in b/configure.in
index d3bec75e6c6..c01ae3fcd7f 100644
--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.518 2007/07/10 16:41:01 tgl Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.519 2007/07/12 14:10:39 mha Exp $
 dnl
 dnl Developers, please strive to achieve this order:
 dnl
@@ -965,6 +965,15 @@ if test "$with_krb5" = yes; then
                                      [AC_MSG_ERROR([could not determine how to extract Kerberos 5 error messages])],
                                      [#include <krb5.h>])],
                    [#include <krb5.h>])
+
+# Win32 requires headers to be loaded for __stdcall, so can't use
+# AC_CHECK_FUNCS here.
+  AC_MSG_CHECKING(for krb5_free_unparsed_name)
+  AC_TRY_LINK([#include <krb5.h>],
+              [krb5_free_unparsed_name(NULL,NULL);],
+              [AC_DEFINE(HAVE_KRB5_FREE_UNPARSED_NAME, 1, [Define to 1 if you have krb5_free_unparsed_name]) 
+AC_MSG_RESULT(yes)],
+              [AC_MSG_RESULT(no)])
 fi
 
 
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 2381c20da17..e2962d123c7 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -214,6 +214,9 @@
 /* Define to 1 if `text.data' is member of `krb5_error'. */
 #undef HAVE_KRB5_ERROR_TEXT_DATA
 
+/* Define to 1 if you have krb5_free_unparsed_name */
+#undef HAVE_KRB5_FREE_UNPARSED_NAME
+
 /* Define to 1 if `client' is member of `krb5_ticket'. */
 #undef HAVE_KRB5_TICKET_CLIENT
 
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 8e6dca6fb05..f19ef07671d 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.124 2007/07/10 13:14:21 mha Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.125 2007/07/12 14:10:39 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -64,6 +64,18 @@
 #endif
 
 /*
+ * Heimdal doesn't have a free function for unparsed names. Just pass it to
+ * standard free() which should work in these cases.
+ */
+#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
+static void
+krb5_free_unparsed_name(krb5_context context, char *val)
+{
+	free(val);
+}
+#endif
+
+/*
  * pg_an_to_ln -- return the local name corresponding to an authentication
  *				  name
  *
@@ -180,8 +192,8 @@ pg_krb5_destroy(struct krb5_info * info)
 {
 	krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
 	krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
+	krb5_free_unparsed_name(info->pg_krb5_context, info->pg_krb5_name);
 	krb5_free_context(info->pg_krb5_context);
-	free(info->pg_krb5_name);
 }
 
 
diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
index d8c883f6767..78844e3d973 100644
--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@@ -3,7 +3,7 @@ package Solution;
 #
 # Package that encapsulates a Visual C++ solution file generation
 #
-# $PostgreSQL: pgsql/src/tools/msvc/Solution.pm,v 1.27 2007/06/20 17:19:00 adunstan Exp $
+# $PostgreSQL: pgsql/src/tools/msvc/Solution.pm,v 1.28 2007/07/12 14:10:39 mha Exp $
 #
 use Carp;
 use strict;
@@ -123,6 +123,7 @@ s{PG_VERSION_STR "[^"]+"}{__STRINGIFY(x) #x\n#define __STRINGIFY2(z) __STRINGIFY
             print O "#define KRB5 1\n";
             print O "#define HAVE_KRB5_ERROR_TEXT_DATA 1\n";
             print O "#define HAVE_KRB5_TICKET_ENC_PART2 1\n";
+            print O "#define HAVE_KRB5_FREE_UNPARSED_NAME 1\n";
             print O "#define PG_KRB_SRVNAM \"postgres\"\n";
         }
 		if (my $port = $self->{options}->{"--with-pgport"})