diff options
author | Greg Hudson <ghudson@mit.edu> | 2018-10-25 11:56:58 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2018-10-29 22:27:04 -0400 |
commit | 8ce051e31b7e47fc22421576f87549c1ca318302 (patch) | |
tree | e5165fd216856cbd5fb4da5882071b59b8cae836 | |
parent | 6079814ef5668971501041451eb258584e1b60f3 (diff) | |
download | krb5-8ce051e31b7e47fc22421576f87549c1ca318302.zip krb5-8ce051e31b7e47fc22421576f87549c1ca318302.tar.gz krb5-8ce051e31b7e47fc22421576f87549c1ca318302.tar.bz2 |
Fix leak on error in kadm5 randkey handling
An attempt to change the kadmin/history key with the -keepold flag
would leak the KDB entry and keysalt tuple as it returned an error.
Use the cleanup handler instead of returning directly. Reported by
Bean Zhang.
(cherry picked from commit c4bdb3a1c890149a472ed98a94cf85316b143265)
ticket: 8759
version_fixed: 1.15.4
-rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index a35c249..cb76780 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -1582,8 +1582,10 @@ kadm5_randkey_principal_3(void *server_handle, if (krb5_principal_compare(handle->context, principal, hist_princ)) { /* If changing the history entry, the new entry must have exactly one * key. */ - if (keepold) - return KADM5_PROTECT_PRINCIPAL; + if (keepold) { + ret = KADM5_PROTECT_PRINCIPAL; + goto done; + } new_n_ks_tuple = 1; } |