[30324] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix leak on error in kadm5 randkey handling
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Oct 26 10:42:17 2018
Date: Fri, 26 Oct 2018 10:42:06 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201810261442.w9QEg6wL025881@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/c4bdb3a1c890149a472ed98a94cf85316b143265
commit c4bdb3a1c890149a472ed98a94cf85316b143265
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Oct 25 11:56:58 2018 -0400
Fix leak on error in kadm5 randkey handling
An attempt to change the kadmin/history key with the -keepold flag
would leak the KDB entry and keysalt tuple as it returned an error.
Use the cleanup handler instead of returning directly. Reported by
Bean Zhang.
ticket: 8759
tags: pullup
target_version: 1.16-next
target_version: 1.15-next
src/lib/kadm5/srv/svr_principal.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index a59a65e..21c53ec 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1564,8 +1564,10 @@ kadm5_randkey_principal_3(void *server_handle,
if (krb5_principal_compare(handle->context, principal, hist_princ)) {
/* If changing the history entry, the new entry must have exactly one
* key. */
- if (keepold)
- return KADM5_PROTECT_PRINCIPAL;
+ if (keepold) {
+ ret = KADM5_PROTECT_PRINCIPAL;
+ goto done;
+ }
new_n_ks_tuple = 1;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5