diff options
author | Greg Hudson <ghudson@mit.edu> | 2016-09-22 02:21:39 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-10-24 15:38:13 -0400 |
commit | b5cd94af456bd62a0f71c5bf88dd6a74b5671653 (patch) | |
tree | f7b00ac5e0f336aaab2cfe326c2ed90b0c554b47 | |
parent | 0d05aa2ddf61eb03ddb647477d39a2bd1ccc9254 (diff) | |
download | krb5-b5cd94af456bd62a0f71c5bf88dd6a74b5671653.zip krb5-b5cd94af456bd62a0f71c5bf88dd6a74b5671653.tar.gz krb5-b5cd94af456bd62a0f71c5bf88dd6a74b5671653.tar.bz2 |
Fix unlikely leak in KDC AS-REQ error path
In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data
was supplied, the FAST cookie and a shallow copy of the error padata
can be leaked. Reported by Will Fiveash.
(cherry picked from commit 8d852c577039d59e1bea383e4ddfe575c20f240d)
ticket: 8498
version_fixed: 1.14.5
-rw-r--r-- | src/kdc/do_as_req.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 5440949..712ccb7 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -859,7 +859,7 @@ prepare_error_as(struct kdc_request_state *rstate, krb5_kdc_req *request, retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec); if (retval) - return retval; + goto cleanup; errpkt.error = error; errpkt.server = request->server; errpkt.client = (error == KDC_ERR_WRONG_REALM) ? canon_client : |