krb5 commit [krb5-1.15]: Fix leak on error in kadm5 randkey handling

Greg Hudson ghudson at mit.edu
Tue Oct 30 12:27:49 EDT 2018


https://github.com/krb5/krb5/commit/8ce051e31b7e47fc22421576f87549c1ca318302
commit 8ce051e31b7e47fc22421576f87549c1ca318302
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Oct 25 11:56:58 2018 -0400

    Fix leak on error in kadm5 randkey handling
    
    An attempt to change the kadmin/history key with the -keepold flag
    would leak the KDB entry and keysalt tuple as it returned an error.
    Use the cleanup handler instead of returning directly.  Reported by
    Bean Zhang.
    
    (cherry picked from commit c4bdb3a1c890149a472ed98a94cf85316b143265)
    
    ticket: 8759
    version_fixed: 1.15.4

 src/lib/kadm5/srv/svr_principal.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index a35c249..cb76780 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1582,8 +1582,10 @@ kadm5_randkey_principal_3(void *server_handle,
     if (krb5_principal_compare(handle->context, principal, hist_princ)) {
         /* If changing the history entry, the new entry must have exactly one
          * key. */
-        if (keepold)
-            return KADM5_PROTECT_PRINCIPAL;
+        if (keepold) {
+            ret = KADM5_PROTECT_PRINCIPAL;
+            goto done;
+        }
         new_n_ks_tuple = 1;
     }
 


More information about the cvs-krb5 mailing list