krb5 commit [krb5-1.13]: Fix leaks on error in krb5 gss_acquire_cred()
Tom Yu
tlyu at mit.edu
Fri Sep 9 14:48:09 EDT 2016
https://github.com/krb5/krb5/commit/1f612b3d1c241efd95cc0d5027e8273218209898
commit 1f612b3d1c241efd95cc0d5027e8273218209898
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Jun 27 17:49:57 2016 -0400
Fix leaks on error in krb5 gss_acquire_cred()
In acquire_cred_context(), when releasing the partially constructed
cred on error, make sure to free the password and impersonator fields,
and to destroy the ccache if we created it.
(cherry picked from commit ee7315964e52fe351ddb6884e0e8baf1ecce2144)
ticket: 8437
version_fixed: 1.13.7
src/lib/gssapi/krb5/acquire_cred.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8bdf7c4..a8199c5 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -836,8 +836,12 @@ krb_error_out:
error_out:
if (cred != NULL) {
- if (cred->ccache)
- krb5_cc_close(context, cred->ccache);
+ if (cred->ccache) {
+ if (cred->destroy_ccache)
+ krb5_cc_destroy(context, cred->ccache);
+ else
+ krb5_cc_close(context, cred->ccache);
+ }
if (cred->client_keytab)
krb5_kt_close(context, cred->client_keytab);
#ifndef LEAN_CLIENT
@@ -848,6 +852,8 @@ error_out:
krb5_rc_close(context, cred->rcache);
if (cred->name)
kg_release_name(context, &cred->name);
+ krb5_free_principal(context, cred->impersonator);
+ zapfreestr(cred->password);
k5_mutex_destroy(&cred->lock);
xfree(cred);
}
More information about the cvs-krb5
mailing list