diff options
author | Greg Hudson <ghudson@mit.edu> | 2016-06-28 14:52:31 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-09-02 18:30:08 -0400 |
commit | 92ed15de11eb9995bbbc7c8c0502ac9da2a1668e (patch) | |
tree | 3c73d0c736ebbd95411e7bf22fa0629d7724b71d | |
parent | 7dd659b97df5799d429b8afcbb0b6b804d3feabf (diff) | |
download | krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.zip krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.gz krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.bz2 |
Fix krb5_get_init_creds_password() pwchange leak
When krb5_get_init_creds_password() attempts to change the password,
make sure to free code_string along all exit paths.
(cherry picked from commit 3e5f7709e1928f1e814c427f2811d9204a167439)
ticket: 8440
version_fixed: 1.13.7
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index e95673f..298f075 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -443,6 +443,7 @@ krb5_get_init_creds_password(krb5_context context, /* the change succeeded. go on */ if (result_code == 0) { + free(code_string.data); free(result_string.data); break; } @@ -452,6 +453,7 @@ krb5_get_init_creds_password(krb5_context context, ret = KRB5_CHPW_FAIL; if (result_code != KRB5_KPASSWD_SOFTERROR) { + free(code_string.data); free(result_string.data); goto cleanup; } |