Bug #16591288 WINAUTH PLUGIN LEAKS MEMORY AFTER EACH CONNECTION

Igor Solodovnikov · Igor Solodovnikov · commit 98fd42f6d8eb · 2013-04-29T13:43:32.000+03:00
Memory leak was caused by Security_buffer helper class. Its free() method was implemented to set m_allocated=false after freeing context buffer. Since Security_buffer has no means to set m_allocated back to true this leads to not freeing all subsequent context buffers.

Fixed by:
- making Security_buffer::m_allocated const object (so it can be assigned by constructor only)
- rewriting Security_buffer::free() to not alter value of Security_buffer::m_allocated
- Disallow copying/assignment of Security_buffer class instances to prevent new memory leaks in the future

This patch also fixes minor bugs in Map_cache class.
diff --git a/libmysql/authentication_win/handshake.cc b/libmysql/authentication_win/handshake.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -280,10 +280,9 @@ Security_buffer::Security_buffer(): m_allocated(true)
 
 void Security_buffer::free(void)
 {
-  if (!m_allocated)
-    return;
-  if (!ptr())
-    return;
-  FreeContextBuffer(ptr());
-  m_allocated= false;
+  if (m_allocated && NULL != ptr())
+  {
+    FreeContextBuffer(ptr());
+    init(NULL, 0);
+  }
 }
diff --git a/libmysql/authentication_win/handshake.h b/libmysql/authentication_win/handshake.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -53,7 +53,12 @@ class Security_buffer: public SecBufferDesc
   }
 
   /// If @c false, no deallocation will be done in the destructor.
-  bool m_allocated;
+  const bool m_allocated;
+
+  // Copying/assignment is not supported and can lead to memory leaks
+  // So declaring copy constructor and assignment operator as private
+  Security_buffer( const Security_buffer& );
+  const Security_buffer& operator=( const Security_buffer& );
 
  public:
 
@@ -75,11 +80,6 @@ class Security_buffer: public SecBufferDesc
     return m_buf.cbBuffer;
   }
 
-  bool is_valid() const
-  {
-    return ptr() != NULL;
-  }
-
   const Blob as_blob() const
   {
     return Blob(ptr(), len());
