Fix krb5_cccol_have_content() bad pointer free

krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop, and frees the resulting principal on success or failure. Set princ to null before each call to ensure we don't free a dangling pointer. [ghudson@mit.edu: rewrote commit message; moved assignment for greater clarity] ticket: 9103 tags: pullup target_version: 1.21-next target_version: 1.20-next
author: Ilya Gladyshev <ilya.v.gladyshev@gmail.com> 2023-08-30 21:19:59 +0100
committer: Greg Hudson <ghudson@mit.edu> 2023-09-02 22:21:40 -0400
commit: 635c8cca65b745476d07c1f5ff701445db25c10d (patch)
tree: 26a0d529faee8be5b119958ac360ae83b05d600e
parent: 5df03b02ca92deeafd4ecb6958ab9832a46d813e (diff)
download: krb5-635c8cca65b745476d07c1f5ff701445db25c10d.zip
krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.gz
krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 4bcb66b..926873f 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context)
         save_first_error(context, ret, &errsave);
         if (ret || cache == NULL)
             break;
+        princ = NULL;
         ret = krb5_cc_get_principal(context, cache, &princ);
         save_first_error(context, ret, &errsave);
         if (!ret)
author	Ilya Gladyshev <ilya.v.gladyshev@gmail.com>	2023-08-30 21:19:59 +0100
committer	Greg Hudson <ghudson@mit.edu>	2023-09-02 22:21:40 -0400
commit	635c8cca65b745476d07c1f5ff701445db25c10d (patch)
tree	26a0d529faee8be5b119958ac360ae83b05d600e
parent	5df03b02ca92deeafd4ecb6958ab9832a46d813e (diff)
download	krb5-635c8cca65b745476d07c1f5ff701445db25c10d.zip krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.gz krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.bz2