[28220] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.10]: Fix GSS krb5 acceptor acquire_cred error

daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Jan 22 22:38:12 2014

Date: Wed, 22 Jan 2014 22:38:00 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201401230338.s0N3c0HQ031052@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/0eb2c1a21af5028c0dd0334e0c01566fa1175052
commit 0eb2c1a21af5028c0dd0334e0c01566fa1175052
Author: Greg Hudson <ghudson@mit.edu>
Date:   Mon Dec 16 15:37:56 2013 -0500

    Fix GSS krb5 acceptor acquire_cred error handling
    
    When acquiring acceptor creds with a specified name, if we fail to
    open a replay cache, we leak the keytab handle.  If there is no
    specified name and we discover that there is no content in the keytab,
    we leak the keytab handle and return the wrong major code.  Memory
    leak reported by Andrea Campi.
    
    (cherry picked from commit decccbcb5075f8fbc28a535a9b337afc84a15dee)
    
    ticket: 7844 (new)
    version_fixed: 1.10.8
    status: resolved

 src/lib/gssapi/krb5/acquire_cred.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index c815b35..a7a209e 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -243,6 +243,7 @@ acquire_accept_cred(krb5_context context,
         assert(cred->name == NULL);
         code = kg_duplicate_name(context, desired_name, &cred->name);
         if (code) {
+            krb5_kt_close(context, kt);
             *minor_status = code;
             return GSS_S_FAILURE;
         }
@@ -251,8 +252,9 @@ acquire_accept_cred(krb5_context context,
         code = krb5_get_server_rcache(context, &desired_name->princ->data[0],
                                       &cred->rcache);
         if (code) {
+            krb5_kt_close(context, kt);
             *minor_status = code;
-            return GSS_S_FAILURE;
+            return GSS_S_CRED_UNAVAIL;
         }
     }
 
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post