krb5 commit: Don't leak the reply key's memory during PKINIT
Greg Hudson
ghudson at MIT.EDU
Mon Jul 15 11:02:25 EDT 2013
https://github.com/krb5/krb5/commit/40d61fe580a57d63987c4e2b8eecd9f0ed1f1189
commit 40d61fe580a57d63987c4e2b8eecd9f0ed1f1189
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Tue Jul 9 17:20:27 2013 -0400
Don't leak the reply key's memory during PKINIT
src/plugins/preauth/pkinit/pkinit_clnt.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index ff564ff..5db24da 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -1130,8 +1130,10 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata,
retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
in_padata, enctype, &as_key,
encoded_previous_request);
- if (retval == 0)
+ if (retval == 0) {
retval = cb->set_as_key(context, rock, &as_key);
+ krb5_free_keyblock_contents(context, &as_key);
+ }
}
pkiDebug("pkinit_client_process: returning %d (%s)\n",
More information about the cvs-krb5
mailing list