Fix defcred leak in krb5 gss_inquire_cred()

Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory management of krb5_gss_inquire_cred(), introducing defcred to act as an owner pointer when the function must acquire a default credential. The commit neglected to update the code to release the default cred along the successful path. The old code does not trigger because cred_handle is now reassigned, so the default credential is leaked. Unify the success and failure cleanup for this function so that defcred is properly released on success. Reported by Pavel Březina. ticket: 9016 tags: pullup target_version: 1.19-next target_version: 1.18-next
author: Greg Hudson <ghudson@mit.edu> 2021-07-16 13:39:39 -0400
committer: Greg Hudson <ghudson@mit.edu> 2021-07-21 11:50:46 -0400
commit: 593e16448e1af23eef74689afe06a7bcc86e79c7 (patch)
tree: 930ae5079f4a89b7b9b5d049baf25337a75e2322 /src/lib/gssapi
parent: 65612e5e2a373cf3545a87570e4cfaf7bd1682b7 (diff)
download: krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.zip
krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.tar.gz
krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.tar.bz2
1 files changed, 6 insertions, 10 deletions
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index a8f2541..bb63b72 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -127,7 +127,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
     if ((code = krb5_timeofday(context, &now))) {
         *minor_status = code;
         ret = GSS_S_FAILURE;
-        goto fail;
+        goto cleanup;
     }
 
     if (cred->expire != 0) {
@@ -158,7 +158,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
             *minor_status = code;
             save_error_info(*minor_status, context);
             ret = GSS_S_FAILURE;
-            goto fail;
+            goto cleanup;
         }
     }
 
@@ -174,7 +174,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
             if (ret_name)
                 kg_release_name(context, &ret_name);
             /* *minor_status set above */
-            goto fail;
+            goto cleanup;
         }
     }
 
@@ -190,20 +190,16 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 
     if (cred_usage)
         *cred_usage = cred->usage;
-    k5_mutex_unlock(&cred->lock);
 
     if (mechanisms) {
         *mechanisms = mechs;
         mechs = GSS_C_NO_OID_SET;
     }
 
-    if (cred_handle == GSS_C_NO_CREDENTIAL)
-        krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
-
-    krb5_free_context(context);
     *minor_status = 0;
-    return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
-fail:
+    ret = (lifetime == 0) ? GSS_S_CREDENTIALS_EXPIRED : GSS_S_COMPLETE;
+
+cleanup:
     k5_mutex_unlock(&cred->lock);
     krb5_gss_release_cred(&tmpmin, &defcred);
     krb5_free_context(context);
author	Greg Hudson <ghudson@mit.edu>	2021-07-16 13:39:39 -0400
committer	Greg Hudson <ghudson@mit.edu>	2021-07-21 11:50:46 -0400
commit	593e16448e1af23eef74689afe06a7bcc86e79c7 (patch)
tree	930ae5079f4a89b7b9b5d049baf25337a75e2322 /src/lib/gssapi
parent	65612e5e2a373cf3545a87570e4cfaf7bd1682b7 (diff)
download	krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.zip krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.tar.gz krb5-593e16448e1af23eef74689afe06a7bcc86e79c7.tar.bz2