krb5 commit: Improve cleanup in krb5_rc_io_fetch()

Tue Dec 6 11:05:57 EST 2016

https://github.com/krb5/krb5/commit/8b3e207bfe7fca287885ec47116d17784fa7e726
commit 8b3e207bfe7fca287885ec47116d17784fa7e726
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Dec 2 11:10:52 2016 -0500

    Improve cleanup in krb5_rc_io_fetch()
    
    In the error cleanup for krb5_rc_io_fetch(), null out rep->msghash
    after freeing it, like we do with rep->client and rep->server.  This
    omission is currently harmless because krb5_rc_io_fetch() never sets
    rep->msghash before failing, but it could result in a double-free or
    use after free if the code changes.

 src/lib/krb5/rcache/rc_dfl.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index c4d2c74..80c22ae 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -517,7 +517,7 @@ errout:
         free(rep->server);
     if (rep->msghash)
         free(rep->msghash);
-    rep->client = rep->server = 0;
+    rep->client = rep->server = rep->msghash = NULL;
     return retval;
 }
 
