krb5 commit: Fix krb5_get_init_creds_password() pwchange leak
Greg Hudson
ghudson at mit.edu
Wed Aug 10 13:51:38 EDT 2016
https://github.com/krb5/krb5/commit/3e5f7709e1928f1e814c427f2811d9204a167439
commit 3e5f7709e1928f1e814c427f2811d9204a167439
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Jun 28 14:52:31 2016 -0400
Fix krb5_get_init_creds_password() pwchange leak
When krb5_get_init_creds_password() attempts to change the password,
make sure to free code_string along all exit paths.
ticket: 8440 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/lib/krb5/krb/gic_pwd.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 55aa9d6..6f3a29f 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -442,6 +442,7 @@ krb5_get_init_creds_password(krb5_context context,
/* the change succeeded. go on */
if (result_code == 0) {
+ free(code_string.data);
free(result_string.data);
break;
}
@@ -451,6 +452,7 @@ krb5_get_init_creds_password(krb5_context context,
ret = KRB5_CHPW_FAIL;
if (result_code != KRB5_KPASSWD_SOFTERROR) {
+ free(code_string.data);
free(result_string.data);
goto cleanup;
}
More information about the cvs-krb5
mailing list