[krbdev.mit.edu #9086] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Tue Jul 11 18:56:49 EDT 2023
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9086 >
Fix possible double-free during KDB creation
In krb5_dbe_def_encrypt_key_data(), when we free
key_data->key_data_contents[0], reset it to null so the caller doesn't
free it as well.
Since commit a06945b4ec267e8b80e5e8c95edd89930ff12103 this bug
manifests as a double-free during KDB creation if master key
encryption fails.
[ghudson at mit.edu: edited commit message]
(cherry picked from commit fddd419fc4112a118d8091e296cc2bfa8d8f777b)
https://github.com/krb5/krb5/commit/81a226597d5d92c0c96a063da53a586a7cdd9bb7
Author: Julien Rische <jrische at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 81a226597d5d92c0c96a063da53a586a7cdd9bb7
Branch: krb5-1.20
src/lib/kdb/encrypt_key.c | 2 ++
1 file changed, 2 insertions(+)
More information about the krb5-bugs
mailing list