diff options
author | Greg Hudson <ghudson@mit.edu> | 2016-06-28 22:10:35 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-09-02 18:30:08 -0400 |
commit | c36c4e4b12ed10d2fe4c8c0293e036dff8985758 (patch) | |
tree | 9fba59f38940aa7fb775ac87e0c9761beb995d79 | |
parent | 165c99c8df06795f5c7a3a2866452a6a996f1ab7 (diff) | |
download | krb5-c36c4e4b12ed10d2fe4c8c0293e036dff8985758.zip krb5-c36c4e4b12ed10d2fe4c8c0293e036dff8985758.tar.gz krb5-c36c4e4b12ed10d2fe4c8c0293e036dff8985758.tar.bz2 |
Fix unlikely leak in sendto_kdc
If a TCP connection is killed after it allocates the buffer (so is no
longer in READING state), free the buffer during cleanup.
(cherry picked from commit 6895dc9f204520e7f4da8da879cc67c149bc4e6b)
ticket: 8444
version_fixed: 1.13.7
-rw-r--r-- | src/lib/krb5/os/sendto_kdc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 3b3b438..9c54d99 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -1512,7 +1512,7 @@ cleanup: closesocket(state->fd); free_http_tls_data(context, state); } - if (state->state == READING && state->in.buf != udpbuf) + if (state->in.buf != udpbuf) free(state->in.buf); if (callback_info) { callback_info->pfn_cleanup(callback_info->data, |