aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2021-07-21 13:43:39 -0400
committerGreg Hudson <ghudson@mit.edu>2021-07-21 13:43:39 -0400
commit098f874f3b50dd2c46c0a574677324b5f6f3a1a8 (patch)
treec4e9ded1a2255471cf3047bb439e5c5b44ee6647
parentd8c95fe992fe7e0d9314a28364fc26992f1da628 (diff)
downloadkrb5-098f874f3b50dd2c46c0a574677324b5f6f3a1a8.zip
krb5-098f874f3b50dd2c46c0a574677324b5f6f3a1a8.tar.gz
krb5-098f874f3b50dd2c46c0a574677324b5f6f3a1a8.tar.bz2
Fix defcred leak in krb5 gss_inquire_cred()
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory management of krb5_gss_inquire_cred(), introducing defcred to act as an owner pointer when the function must acquire a default credential. The commit neglected to update the code to release the default cred along the successful path. The old code does not trigger because cred_handle is now reassigned, so the default credential is leaked. Reported by Pavel Březina. (a minimal alternative to commit 593e16448e1af23eef74689afe06a7bcc86e79c7) ticket: 9016 version_fixed: 1.19.2
Diffstat
-rw-r--r--src/lib/gssapi/krb5/inq_cred.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index a8f2541..cd8384d 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -197,9 +197,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
mechs = GSS_C_NO_OID_SET;
}
- if (cred_handle == GSS_C_NO_CREDENTIAL)
- krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
-
+ krb5_gss_release_cred(minor_status, &defcred);
krb5_free_context(context);
*minor_status = 0;
return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
generated by cgit v1.1 at 2024-06-28 10:03:57 +0000