https://github.com/krb5/krb5/commit/721e80d6deece5ed6d7b2c1a160105830bf45b4b
commit 721e80d6deece5ed6d7b2c1a160105830bf45b4b
Author: Nicolas Williams <nico at twosigma.com>
Date: Tue Sep 1 11:58:30 2015 -0400
Fix krb5_rd_req() memory leak
In release 1.13, commit eba8c4909ec7ba0d7054d5d1b1061319e9970cc7
(ticket #7232) introduced a memory leak when skipping keytab entries
which do not match the application-provided server specification. Fix
it by freeing the keytab entry before continuing the loop on a failure
to match.
[ghudson at mit.edu: commit message]
(cherry picked from commit 3aa8506ee9e1f564e3f396eed5ac5616d7c54b34)
ticket: 8239
version_fixed: 1.13.3
status: resolved
src/lib/krb5/krb/rd_req_dec.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index df5ba7a..6defbdb 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -396,6 +396,7 @@ decrypt_ticket(krb5_context context, const krb5_ap_req *req,
if (!krb5_sname_match(context, server, ent.principal)) {
if (krb5_principal_compare(context, ent.principal, tkt_server))
tkt_server_mismatch = TRUE;
+ (void)krb5_free_keytab_entry_contents(context, &ent);
continue;
}
found_server_match = TRUE;