author | Tom Yu <tlyu@mit.edu> | 2010-02-23 00:25:54 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-02-23 00:25:54 +0000 |
commit | 01c6f93d0364b778391dd64bfbdfa1abab5d11a4 (patch) | |
tree | a4fc00498bddda36320a66de15bd1b735760e28c | |
parent | 03aaf16911afdbb9b5189168c831c550f246cb22 (diff) | |
pull up r23735 from trunk
------------------------------------------------------------------------
r23735 | ghudson | 2010-02-18 13:49:11 -0500 (Thu, 18 Feb 2010) | 8 lines
ticket: 6659
target_version: 1.8
tags: pullup
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
ticket: 6659
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23747 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_tgs_req.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 44b5791..f808276 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -136,6 +136,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
 reply.padata = 0; /* For cleanup handler */
 reply_encpart.enc_padata = 0;
+ enc_tkt_reply.authorization_data = NULL;
 e_data.data = NULL;
 session_key.contents = NULL;
@@ -726,8 +727,6 @@ tgt_again:
 }
 }
- enc_tkt_reply.authorization_data = NULL;
-
 if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
 !isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
 enc_tkt_reply.client = s4u_x509_user->user_id.user;
@@ -1045,6 +1044,8 @@ cleanup:
 krb5_free_pa_data(kdc_context, reply.padata);
 if (reply_encpart.enc_padata)
 krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
+ if (enc_tkt_reply.authorization_data != NULL)
+ krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
 krb5_free_data_contents(kdc_context, &e_data);
 return retval; |
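Review bot: The free added under `cleanup:` assumes `enc_tkt_reply.authorization_data` is exclusively owned by process_tgs_req on every path that reaches the label, yet the second hunk removes the mid-function `enc_tkt_reply.authorization_data = NULL;` that used to discard whatever the field held by old line 729. If any code between the new initialisation in the first hunk and that point fills `enc_tkt_reply` by struct-copying another ticket's encrypted part, the field would alias authdata that the other ticket still owns, and `krb5_free_authdata` would then release it a second time when that ticket is freed. I would keep a reset to NULL directly after any such copy and state the ownership rule at the free, for example `/* authorization_data must be a private copy here, never a pointer borrowed from the header ticket */`. Most of process_tgs_req lies outside these hunks, so this has to be checked against the full function, including the early `goto cleanup` paths.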