diff options
author | Ilya Gladyshev <ilya.v.gladyshev@gmail.com> | 2023-08-30 21:19:59 +0100 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2023-09-02 22:21:40 -0400 |
commit | 635c8cca65b745476d07c1f5ff701445db25c10d (patch) | |
tree | 26a0d529faee8be5b119958ac360ae83b05d600e | |
parent | 5df03b02ca92deeafd4ecb6958ab9832a46d813e (diff) | |
download | krb5-635c8cca65b745476d07c1f5ff701445db25c10d.zip krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.gz krb5-635c8cca65b745476d07c1f5ff701445db25c10d.tar.bz2 |
Fix krb5_cccol_have_content() bad pointer free
krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop,
and frees the resulting principal on success or failure. Set princ to
null before each call to ensure we don't free a dangling pointer.
[ghudson@mit.edu: rewrote commit message; moved assignment for greater
clarity]
ticket: 9103
tags: pullup
target_version: 1.21-next
target_version: 1.20-next
-rw-r--r-- | src/lib/krb5/ccache/cccursor.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c index 4bcb66b..926873f 100644 --- a/src/lib/krb5/ccache/cccursor.c +++ b/src/lib/krb5/ccache/cccursor.c @@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context) save_first_error(context, ret, &errsave); if (ret || cache == NULL) break; + princ = NULL; ret = krb5_cc_get_principal(context, cache, &princ); save_first_error(context, ret, &errsave); if (!ret) |