[krbdev.mit.edu #7891] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Thu Mar 27 11:42:50 EDT 2014


Don't free cred handle used in kadm5 server handle

At the end of setup_gss(), gss_client_creds is released, but an alias
to the credential handle is saved in kadm5_server_handle_t in
handle->clnt->cl_auth->(struct rpc_gss_data *)ah_private->sec.cred.
Accessing these credentials (by authgss_refresh) can result in use
after free.

This fix stores credential reference in server handle and releases
the credentials in kadm5_destroy.

[ghudson at mit.edu: initialize handle->cred to correct constant; get rid
of gss_client_creds variable; clarify commit message slightly]

https://github.com/krb5/krb5/commit/b24c362f0589a6212f2f544263bdb76e0988c582
Author: Tomas Kuthan <tkuthan at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: b24c362f0589a6212f2f544263bdb76e0988c582
Branch: master
 src/lib/kadm5/clnt/client_init.c     |   13 ++++++-------
 src/lib/kadm5/clnt/client_internal.h |    1 +
 2 files changed, 7 insertions(+), 7 deletions(-)
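
The lifetime problem the commit message describes, modeled as an added example (not code from krb5 or from this commit). Every `toy_*` name, the static pool and the `setup_before`/`setup_after` pair are hypothetical stand-ins, and a stale alias is reported as -1 instead of touching freed memory.

```c
#include <stdio.h>

/* Constructed stand-ins, not the krb5, GSS-API or RPC types. */
typedef struct { int live; } toy_cred;            /* credential storage */
typedef struct { toy_cred *sec_cred; } toy_auth;  /* alias held by the RPC auth */
typedef struct { toy_auth auth; toy_cred *cred; } toy_handle; /* cred = owner */

static toy_cred pool[4];  /* static storage: a stale alias is detectable */
static int next_slot;     /* slots are never reused, so stale stays stale */

static toy_cred *toy_acquire(void) {
    if (next_slot >= 4) return NULL;
    pool[next_slot].live = 1;
    return &pool[next_slot++];
}
static void toy_release(toy_cred **c) {
    if (*c) { (*c)->live = 0; *c = NULL; }
}
int live_count(void) {
    int n = 0;
    for (int i = 0; i < 4; i++) n += pool[i].live;
    return n;
}
/* Models a later refresh that dereferences the alias: -1 means stale. */
int toy_refresh(const toy_auth *a) {
    return (a->sec_cred && a->sec_cred->live) ? 0 : -1;
}
/* Before: setup releases its local reference while the auth alias remains. */
void setup_before(toy_handle *h) {
    toy_cred *local = toy_acquire();
    h->cred = NULL;
    h->auth.sec_cred = local;
    toy_release(&local);          /* the alias in h->auth now dangles */
}
/* After: the handle owns the credential for as long as the alias exists. */
void setup_after(toy_handle *h) {
    h->cred = toy_acquire();
    h->auth.sec_cred = h->cred;
}
/* Destroy drops the alias first, then releases the owning reference. */
void toy_destroy(toy_handle *h) {
    h->auth.sec_cred = NULL;
    toy_release(&h->cred);
}
int main(void) {
    toy_handle a, b;
    setup_before(&a);
    setup_after(&b);
    printf("before: %d, after: %d\n", toy_refresh(&a.auth), toy_refresh(&b.auth));
    toy_destroy(&b);
    return live_count();          /* 0 when nothing is leaked */
}
```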


