krb5 commit [krb5-1.11]: Fix leak in kadm5_flush with LDAP KDB

Tom Yu tlyu at mit.edu
Fri Feb 6 17:26:59 EST 2015


https://github.com/krb5/krb5/commit/aaaef80edb4746ae2d631c669073a7eaa91dfdbb
commit aaaef80edb4746ae2d631c669073a7eaa91dfdbb
Author: Tomas Kuthan <tkuthan at gmail.com>
Date:   Wed Apr 2 17:48:04 2014 +0200

    Fix leak in kadm5_flush with LDAP KDB
    
    Due to an inverted test in adb_policy_init, kadm5_flush calls
    krb5_db_open twice.  With the DB2 KDB module, the second open is a
    no-op, but with the LDAP module, a new DB handle is allocated and the
    old one is leaked.
    
    [ghudson at mit.edu: rewrote commit message]
    
    (cherry picked from commit 372e4cb6f5d4a603e6e3157c7b5d354953836136)
    
    ticket: 8096 (new)
    version_fixed: 1.11.6
    status: resolved

 src/lib/kadm5/srv/server_misc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index 30a0b5a..18d047b 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -38,7 +38,7 @@ kadm5_ret_t
 adb_policy_init(kadm5_server_handle_t handle)
 {
     /* now policy is initialized as part of database. No seperate call needed */
-    if( krb5_db_inited( handle->context ) )
+    if (krb5_db_inited(handle->context) == 0)
         return KADM5_OK;
 
     return krb5_db_open( handle->context, NULL,


More information about the cvs-krb5 mailing list