[krbdev.mit.edu #8362] memleak in decrypt_2ndtkt()
Will Fiveash via RT
rt-comment at krbdev.mit.edu
Wed Feb 17 17:09:29 EST 2016
In decrypt_2ndtkt() there is:
    retval = kdc_get_server_key(kdc_context, stkt,
                                flags,
                                TRUE, /* match_enctype */
                                &server,   <<<< alloc'ed memory
                                &key,
                                &kvno);
    if (retval != 0) {
        *status = "2ND_TKT_SERVER";
        goto cleanup;
    }
    retval = krb5_decrypt_tkt_part(kdc_context, key,
                                   req->second_ticket[0]);
    krb5_free_keyblock(kdc_context, key);
    if (retval != 0) {
        *status = "2ND_TKT_DECRYPT";
        goto cleanup;
    }
    *server_out = server;
cleanup:
    return retval;
}
If kdc_get_server_key() succeeds but krb5_decrypt_tkt_part() fails,
server is leaked.
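
The leak pattern reported above and one way to close it, as an added example that is not part of the original report and is not MIT krb5 code. `db_entry`, `mock_get_server_key`, `mock_free_entry`, `decrypt_2ndtkt_model` and the `live_entries` counter are hypothetical stand-ins; the model hands ownership to the caller on success and frees the entry on every failure path.

```c
#include <stdlib.h>

/* Constructed stand-ins for the KDC types and helpers; not MIT krb5 code. */
typedef struct { int kvno; } db_entry;
static int live_entries;   /* entries allocated and not yet freed */

static int mock_get_server_key(db_entry **out)
{
    *out = calloc(1, sizeof(**out));
    if (*out == NULL)
        return -1;
    live_entries++;
    return 0;
}

static void mock_free_entry(db_entry *e)
{
    if (e != NULL)
        live_entries--;
    free(e);
}

/* decrypt_rc stands in for the krb5_decrypt_tkt_part() result. */
int decrypt_2ndtkt_model(int decrypt_rc, db_entry **server_out,
                         const char **status)
{
    db_entry *server = NULL;
    int retval = mock_get_server_key(&server);

    *server_out = NULL;
    if (retval != 0) {
        *status = "2ND_TKT_SERVER";
        goto cleanup;
    }
    retval = decrypt_rc;
    if (retval != 0) {
        *status = "2ND_TKT_DECRYPT";
        goto cleanup;
    }
    *server_out = server;   /* success: caller now owns the entry */
    server = NULL;
cleanup:
    mock_free_entry(server);   /* only non-NULL on a failure path */
    return retval;
}
```

Without the `server = NULL` handoff and the free in `cleanup`, each failed decrypt leaves `live_entries` one higher, which is the per-request growth the report describes.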