Fix: issue with freeing static krb5 OID

Kraemii · Kraemii · commit ecd3d5145325 · 2026-03-04T11:41:27.000+01:00
diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c
@@ -420,7 +420,8 @@ okrb5_gss_free_context (struct OKrb5GSSContext *context)
         {
           gss_release_name (&min_stat, &context->gss_target);
         }
-      if (context->gss_mech != NULL)
+      // This context is set statically and should not be freed
+      if (context->gss_mech != NULL && context->gss_mech != gss_mech_spnego)
         {
           gss_release_oid (&min_stat, &context->gss_mech);
         }
diff --git a/rust/src/nasl/builtin/krb5/mod.rs b/rust/src/nasl/builtin/krb5/mod.rs
@@ -11,7 +11,8 @@ use nasl_c_lib::krb5::{
     OKrb5ErrorCode_O_KRB5_EXPECTED_NOT_NULL, OKrb5ErrorCode_O_KRB5_REALM_NOT_FOUND,
     OKrb5ErrorCode_O_KRB5_SUCCESS, OKrb5GSSContext, OKrb5Slice, OKrb5Target, OKrb5User,
     o_krb5_add_realm, o_krb5_find_kdc, o_krb5_gss_prepare_context, o_krb5_gss_session_key_context,
-    o_krb5_gss_update_context, okrb5_error_code_to_string, okrb5_gss_init_context,
+    o_krb5_gss_update_context, okrb5_error_code_to_string, okrb5_gss_free_context,
+    okrb5_gss_init_context,
 };
 use nasl_function_proc_macro::nasl_function;
 use std::os;
@@ -190,20 +191,15 @@ impl Drop for Krb5 {
             }
         }
 
-        // TODO: This block leads to munmap_chunk(): invalid pointer and Aborted (core dumped)
-        // let cached_gss_context = *self.cached_gss_context.lock().unwrap();
-        // if !cached_gss_context.is_null() {
-        //     unsafe {
-        //         okrb5_gss_free_context(cached_gss_context);
-        //     }
-        // }
+        let cached_gss_context = *self.cached_gss_context.lock().unwrap();
+        if !cached_gss_context.is_null() {
+            unsafe {
+                okrb5_gss_free_context(cached_gss_context);
+            }
+        }
     }
 }
 
-// SAFETY: Krb5 can be safely sent between threads because:
-// - The raw pointers are stored behind Arc<Mutex<...>> for synchronization
-// - Access to the pointers is guarded by mutex locks
-// - The outer Arc<Mutex<...>> provides the thread-safe coordination
 unsafe impl Send for Krb5 {}
 unsafe impl Sync for Krb5 {}
 

Original file line number	Diff line number	Diff line change
`@@ -420,7 +420,8 @@ okrb5_gss_free_context (struct OKrb5GSSContext *context)`
`420`	`420`	`{`
`421`	`421`	`gss_release_name (&min_stat, &context->gss_target);`
`422`	`422`	`}`
`423`		`- if (context->gss_mech != NULL)`
	`423`	`+ // This context is set statically and should not be freed`
	`424`	`+ if (context->gss_mech != NULL && context->gss_mech != gss_mech_spnego)`
`424`	`425`	`{`
`425`	`426`	`gss_release_oid (&min_stat, &context->gss_mech);`
`426`	`427`	`}`