svn rev #23735: trunk/src/kdc/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Feb 18 13:49:12 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23735
Commit By: ghudson
Log Message:
ticket: 6659
target_version: 1.8
tags: pullup
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
Changed Files:
U trunk/src/kdc/do_tgs_req.c
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c 2010-02-18 18:04:47 UTC (rev 23734)
+++ trunk/src/kdc/do_tgs_req.c 2010-02-18 18:49:11 UTC (rev 23735)
@@ -136,6 +136,7 @@
reply.padata = 0; /* For cleanup handler */
reply_encpart.enc_padata = 0;
+ enc_tkt_reply.authorization_data = NULL;
e_data.data = NULL;
session_key.contents = NULL;
@@ -726,8 +727,6 @@
}
}
- enc_tkt_reply.authorization_data = NULL;
-
if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
!isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
enc_tkt_reply.client = s4u_x509_user->user_id.user;
@@ -1045,6 +1044,8 @@
krb5_free_pa_data(kdc_context, reply.padata);
if (reply_encpart.enc_padata)
krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
+ if (enc_tkt_reply.authorization_data != NULL)
+ krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
krb5_free_data_contents(kdc_context, &e_data);
return retval;
More information about the cvs-krb5
mailing list