krb5 commit [krb5-1.10]: Fix GSS krb5 acceptor acquire_cred error handling
Tom Yu
tlyu at MIT.EDU
Wed Jan 22 22:38:00 EST 2014
https://github.com/krb5/krb5/commit/0eb2c1a21af5028c0dd0334e0c01566fa1175052
commit 0eb2c1a21af5028c0dd0334e0c01566fa1175052
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Dec 16 15:37:56 2013 -0500
Fix GSS krb5 acceptor acquire_cred error handling
When acquiring acceptor creds with a specified name, if we fail to
open a replay cache, we leak the keytab handle. If there is no
specified name and we discover that there is no content in the keytab,
we leak the keytab handle and return the wrong major code. Memory
leak reported by Andrea Campi.
(cherry picked from commit decccbcb5075f8fbc28a535a9b337afc84a15dee)
ticket: 7844 (new)
version_fixed: 1.10.8
status: resolved
src/lib/gssapi/krb5/acquire_cred.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index c815b35..a7a209e 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -243,6 +243,7 @@ acquire_accept_cred(krb5_context context,
assert(cred->name == NULL);
code = kg_duplicate_name(context, desired_name, &cred->name);
if (code) {
+ krb5_kt_close(context, kt);
*minor_status = code;
return GSS_S_FAILURE;
}
@@ -251,8 +252,9 @@ acquire_accept_cred(krb5_context context,
code = krb5_get_server_rcache(context, &desired_name->princ->data[0],
&cred->rcache);
if (code) {
+ krb5_kt_close(context, kt);
*minor_status = code;
- return GSS_S_FAILURE;
+ return GSS_S_CRED_UNAVAIL;
}
}
More information about the cvs-krb5
mailing list