[krbdev.mit.edu #6678] use of freed memory in gss_import_sec_context error path
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Fri Mar 5 18:26:18 EST 2010
This occurs as far back as 1.7.
Index: src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/import_sec_context.c (revision 23762)
+++ src/lib/gssapi/krb5/import_sec_context.c (working copy)
@@ -106,12 +106,13 @@
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp,
&blen);
- krb5_free_context(context);
if (kret) {
*minor_status = (OM_uint32) kret;
save_error_info(*minor_status, context);
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
/* intern the context handle */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
More information about the krb5-bugs
mailing list