[29053] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix krb5_rd_req() memory leak
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Sep 14 20:01:26 2015
Date: Mon, 14 Sep 2015 20:01:22 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201509150001.t8F01M53009841@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/3aa8506ee9e1f564e3f396eed5ac5616d7c54b34
commit 3aa8506ee9e1f564e3f396eed5ac5616d7c54b34
Author: Nicolas Williams <nico@twosigma.com>
Date: Tue Sep 1 11:58:30 2015 -0400
Fix krb5_rd_req() memory leak
In release 1.13, commit eba8c4909ec7ba0d7054d5d1b1061319e9970cc7
(ticket #7232) introduced a memory leak when skipping keytab entries
which do not match the application-provided server specification. Fix
it by freeing the keytab entry before continuing the loop on a failure
to match.
[ghudson@mit.edu: commit message]
ticket: 8239 (new)
target_version: 1.13.3
tags: pullup
src/lib/krb5/krb/rd_req_dec.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index df5ba7a..6defbdb 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -396,6 +396,7 @@ decrypt_ticket(krb5_context context, const krb5_ap_req *req,
if (!krb5_sname_match(context, server, ent.principal)) {
if (krb5_principal_compare(context, ent.principal, tkt_server))
tkt_server_mismatch = TRUE;
+ (void)krb5_free_keytab_entry_contents(context, &ent);
continue;
}
found_server_match = TRUE;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5