[29556] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix leak in key change operations
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 10 13:56:11 2016
Date: Wed, 10 Aug 2016 13:51:43 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201608101751.u7AHphW1009537@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/19ad1a36f0c133725981edf3dde8fe078a8285b1
commit 19ad1a36f0c133725981edf3dde8fe078a8285b1
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Jun 28 22:20:22 2016 -0400
Fix leak in key change operations
In preserve_one_old_key(), if the initial decryption in the current
master key succeeds, free the decrypted keyblock contents before
exiting.
ticket: 8446 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/lib/kdb/kdb_cpw.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index ead06ec..03efc28 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -106,6 +106,7 @@ preserve_one_old_key(krb5_context context, krb5_keyblock *mkey,
/* old_kd is already encrypted in mkey, so just move it. */
*new_kd = *old_kd;
memset(old_kd, 0, sizeof(*old_kd));
+ krb5_free_keyblock_contents(context, &kb);
return 0;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
