krb5 commit: Fix minor leaks in principal conversions

Greg Hudson ghudson at mit.edu
Tue Jun 19 10:11:33 EDT 2018


https://github.com/krb5/krb5/commit/971c5213f7c501d3943bc0ff8db918f1616aa35a
commit 971c5213f7c501d3943bc0ff8db918f1616aa35a
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Jun 15 11:20:34 2018 -0400

    Fix minor leaks in principal conversions
    
    In krb5_524_conv_principal(), if the realm we read from the profile is
    too long for the result buffer, free the profile value before
    returning.
    
    In krb5_425_conv_principal(), if krb5_get_realm_domain() fails, still
    free any leftover allocated data using a cleanup label.  The only one
    that could be left over is dummy_value which we could address easily
    enough within the loop, but we shouldn't sidestep the cleanup code.
    
    Both bugs were reported by Bean Zhang.
    
    ticket: 8695

 src/lib/krb5/krb/conv_princ.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index 78fc2f4..9dc3798 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -239,8 +239,10 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
             realm[compo->length] = '\0';
         } else {
             tmp_realm_len =  strlen(tmp_realm);
-            if (tmp_realm_len > REALM_SZ - 1)
+            if (tmp_realm_len > REALM_SZ - 1) {
+                profile_release_string(tmp_realm);
                 return KRB5_INVALID_PRINCIPAL;
+            }
             strncpy(realm, tmp_realm, tmp_realm_len);
             realm[tmp_realm_len] = '\0';
             profile_release_string(tmp_realm);
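Review bot: The copy `strncpy(realm, tmp_realm, tmp_realm_len)` is bounded by the source string's own length, so the `tmp_realm_len > REALM_SZ - 1` check that this hunk wraps in braces is the only thing keeping a profile-supplied realm inside `realm` (presumably a REALM_SZ-byte buffer; its declaration is outside the hunk). That dependency deserves a comment above the check, for example `/* Sole bound on the copy below: strncpy is passed the source length. */`. The fix also leaves `tmp_realm` released at two separate sites, the new early return and the line after the copy, so any exit added between them later would leak again. A short ownership comment where `tmp_realm` is obtained would make that visible. The body of krb5_524_conv_principal starts and ends outside the hunk.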
@@ -332,7 +334,7 @@ krb5_425_conv_principal(krb5_context context, const char *name,
                 buf[sizeof(buf) - 1] = '\0';
                 retval = krb5_get_realm_domain(context, realm, &domain);
                 if (retval)
-                    return retval;
+                    goto cleanup;
                 if (domain) {
                     for (cp = domain; *cp; cp++)
                         if (isupper((unsigned char) (*cp)))
@@ -349,6 +351,7 @@ krb5_425_conv_principal(krb5_context context, const char *name,
 not_service:
     retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
                                   instance, NULL);
+cleanup:
     if (iterator) profile_iterator_free (&iterator);
     if (full_name) profile_free_list(full_name);
     if (v4realms) profile_free_list(v4realms);
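Review bot: The `goto cleanup` added in the -332,7 hunk jumps out of a nested block to a label whose frees are each guarded by a NULL test (`if (iterator)`, `if (full_name)`, `if (v4realms)`). The error path is therefore only safe if every one of those pointers is initialised before the first possible jump, and the declarations are outside the visible hunks, so this should be confirmed. The label is also entered by fall-through from `not_service:`, which is easy to miss when reading the error path alone. A comment at the label would record both, e.g. `/* Entered by fall-through on success and by goto on error; retval is already set. */`. The rest of the cleanup block and the return continue past the end of this hunk.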

