In parsing authorization data, if run out of memory, the authorization

data was released, but the pointer not zeroed.  This resulted in
higher level code trying to free it again.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20667 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 6 insertions, 2 deletions

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 0e5a9b6..a24ff45 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -816,6 +816,7 @@ krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
 	  (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
 	  if ((*a)[i] == NULL) {
 	      krb5_free_authdata(context, *a);
+	      *a = NULL;
 	      return KRB5_CC_NOMEM;
 	  }
 	  (*a)[i]->contents = NULL;
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index be22a83..2d8864a 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1287,7 +1287,7 @@ krb5_krcc_parse_cred(krb5_context context, krb5_ccache id, krb5_creds * creds,
     memset(creds->ticket.data, 0, (unsigned) creds->ticket.length);
     krb5_xfree(creds->ticket.data);
   cleanauthdata:
-    /* XXX ??? */
+    krb5_free_authdata(context, creds->authdata);
   cleanaddrs:
     krb5_free_addresses(context, creds->addresses);
   cleanblock:
@@ -1616,6 +1616,7 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
 	(*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
 	if ((*a)[i] == NULL) {
 	    krb5_free_authdata(context, *a);
+	    *a = NULL;
 	    return KRB5_CC_NOMEM;
 	}
 	kret = krb5_krcc_parse_authdatum(context, id, (*a)[i], bc);
@@ -1624,8 +1625,10 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
 
     return KRB5_OK;
   errout:
-    if (*a)
+    if (*a) {
 	krb5_free_authdata(context, *a);
+	*a = NULL;
+    }
     return kret;
 }