krb5 commit [krb5-1.13]: Fix krb5_get_init_creds_password() pwchange leak
Tom Yu
tlyu at mit.edu
Fri Sep 9 14:48:10 EDT 2016
https://github.com/krb5/krb5/commit/92ed15de11eb9995bbbc7c8c0502ac9da2a1668e
commit 92ed15de11eb9995bbbc7c8c0502ac9da2a1668e
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Jun 28 14:52:31 2016 -0400
Fix krb5_get_init_creds_password() pwchange leak
When krb5_get_init_creds_password() attempts to change the password,
make sure to free code_string along all exit paths.
(cherry picked from commit 3e5f7709e1928f1e814c427f2811d9204a167439)
ticket: 8440
version_fixed: 1.13.7
src/lib/krb5/krb/gic_pwd.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index e95673f..298f075 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -443,6 +443,7 @@ krb5_get_init_creds_password(krb5_context context,
/* the change succeeded. go on */
if (result_code == 0) {
+ free(code_string.data);
free(result_string.data);
break;
}
@@ -452,6 +453,7 @@ krb5_get_init_creds_password(krb5_context context,
ret = KRB5_CHPW_FAIL;
if (result_code != KRB5_KPASSWD_SOFTERROR) {
+ free(code_string.data);
free(result_string.data);
goto cleanup;
}
More information about the cvs-krb5
mailing list