From 9755aac29ccaac6977a93aa4305963ac29748641 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 12 Jul 2005 19:56:56 +0000
Subject: fix MITKRB5-SA-2005-002 KDC double-free and heap overflow

Fix for MITKRB5-SA-2005-002

* KDC double-free [CAN-2005-1174, VU#259798]
* krb5_unparse_name heap overflow [CAN-2005-1175, VU#885830]

Thanks to Daniel Wachdorf.

ticket: new
flags: pullup
target_version: 1.4.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17298 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/do_as_req.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/kdc/do_as_req.c')

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index f292a17..2916cfe 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -523,6 +523,10 @@ prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data,
 
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     free(errpkt.text.data);
-    *response = scratch;
+    if (retval)
+	free(scratch);
+    else 
+	*response = scratch;
+
     return retval;
 }
-- 
cgit v1.1