krb5 commit: Fix memory leak in gss_acquire_cred_from()
ghudson at mit.edu
ghudson at mit.edu
Fri Apr 10 19:52:22 EDT 2026
https://github.com/krb5/krb5/commit/e7b4a2ae07a07cc337c6a62c502f6167c52dd16b
commit e7b4a2ae07a07cc337c6a62c502f6167c52dd16b
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Apr 3 19:44:41 2026 -0400
Fix memory leak in gss_acquire_cred_from()
If gss_acquire_cred_from() is used with the krb5 mech and the verify
option (added in commit adbf73c507f383380c55d2ba9fa1ad6f30545bec), and
verification fails, make sure to free the credential we obtained
before returning. Reported by Evgeny Shemyakin.
ticket: 9204
src/lib/gssapi/krb5/acquire_cred.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 0e12c2233..d35672fbb 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -613,7 +613,7 @@ get_initial_cred(krb5_context context, const struct verify_params *verify,
{
krb5_error_code code;
krb5_get_init_creds_opt *opt = NULL;
- krb5_creds creds;
+ krb5_creds creds = { 0 };
code = krb5_get_init_creds_opt_alloc(context, &opt);
if (code)
@@ -648,8 +648,8 @@ get_initial_cred(krb5_context context, const struct verify_params *verify,
cred->name->princ = creds.client;
creds.client = NULL;
- krb5_free_cred_contents(context, &creds);
cleanup:
+ krb5_free_cred_contents(context, &creds);
krb5_get_init_creds_opt_free(context, opt);
return code;
}
More information about the cvs-krb5
mailing list