[krbdev.mit.edu #8695] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Jun 19 10:11:35 EDT 2018
Fix minor leaks in principal conversions
In krb5_524_conv_principal(), if the realm we read from the profile is
too long for the result buffer, free the profile value before
returning.
In krb5_425_conv_principal(), if krb5_get_realm_domain() fails, still
free any leftover allocated data using a cleanup label. The only one
that could be left over is dummy_value which we could address easily
enough within the loop, but we shouldn't sidestep the cleanup code.
Both bugs were reported by Bean Zhang.
https://github.com/krb5/krb5/commit/971c5213f7c501d3943bc0ff8db918f1616aa35a
Author: Greg Hudson <ghudson at mit.edu>
Commit: 971c5213f7c501d3943bc0ff8db918f1616aa35a
Branch: master
src/lib/krb5/krb/conv_princ.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
More information about the krb5-bugs
mailing list