krb5 commit: Fix leak in key change operations
Greg Hudson
ghudson at mit.edu
Wed Aug 10 13:51:43 EDT 2016
https://github.com/krb5/krb5/commit/19ad1a36f0c133725981edf3dde8fe078a8285b1
commit 19ad1a36f0c133725981edf3dde8fe078a8285b1
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Jun 28 22:20:22 2016 -0400
Fix leak in key change operations
In preserve_one_old_key(), if the initial decryption in the current
master key succeeds, free the decrypted keyblock contents before
exiting.
ticket: 8446 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/lib/kdb/kdb_cpw.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index ead06ec..03efc28 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -106,6 +106,7 @@ preserve_one_old_key(krb5_context context, krb5_keyblock *mkey,
/* old_kd is already encrypted in mkey, so just move it. */
*new_kd = *old_kd;
memset(old_kd, 0, sizeof(*old_kd));
+ krb5_free_keyblock_contents(context, &kb);
return 0;
}
More information about the cvs-krb5
mailing list