On 09/26/2016 12:11, Benjamin Kaduk <bkaduk at akamai.com> wrote:
>
> On 09/26/2016 11:01 AM, Salz, Rich wrote:
> > Kssl_calloc calls openssl_malloc which means the data must be
> > free'd with openssl_free. And in debug builds any non-free'd data is
> > a leak and reported. On line 875 the data is allocated and never
> > free'd, so it skips the leak detection. In some of those other
> > places, perhaps it's because the KRB API needs something it can free
> > or realloc? I'm not sure.
> >
>
> It doesn't look like the allocated memory is used as input to a krb5
> routine, so I think it's just a bug.
>
> -Ben

As it turns out, that wasn't the code that was giving me trouble in my application. Instead, it's the code in crypto\LPdir_win.c, which is included via crypto\LPdir_wince.c, which is included in crypto\o_dir.c.

I found a portability tip on the web that says not to use malloc or calloc in Windows CE applications. (Actually, Google found me a result in the book "Making Win32 Applications Mobile" by Nancy Nicolaisen.)

I've cc'ed Richard Levitte, who is credited for LPdir_win.c; perhaps he can comment on whether LocalAlloc would be an appropriate replacement.

Thanks.