[krbdev.mit.edu #2534] Memory leak when wrong password is used.
lijian via RT
rt-comment at krbdev.mit.edu
Wed Apr 14 17:31:25 EDT 2004
OS: All
Kerberos 5 Version: 1.3.3
The function krb5_get_init_creds_password() leaks memory if wrong password
is used.
The memory leak happens in krb5_get_init_creds_password() function in
src/lib/krb5/krb/gic_pwd.c.
Below is the fix:
$diff -u src/lib/krb5/krb/gic_pwd.c /tmp/gic_pwd.c.fixed
--- src/lib/krb5/krb/gic_pwd.c 2003-08-08 13:46:26.000000000 -0700
+++ /tmp/gic_pwd.c.fixed 2004-04-12 18:07:05.000000000 -0700
@@ -146,6 +146,9 @@
if (!use_master) {
use_master = 1;
+ if (as_reply)
+ krb5_free_kdc_rep(context, as_reply);
+
ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
start_time, in_tkt_service, options,
krb5_get_as_key_password, (void *) &pw0,
Lijian Liu
Sendmail, Inc.
(510)-594-5527
More information about the krb5-bugs
mailing list