[29662] in CVS-changelog-for-Kerberos-V5

krb5 commit [krb5-1.13]: Fix leak in

daemon@ATHENA.MIT.EDU (Tom Yu)
Fri Sep 9 14:55:07 2016

Date: Fri, 9 Sep 2016 14:48:19 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201609091848.u89ImJ6A000610@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/2cd4ec15e28f669e650c71a52c2a755a982820e2
commit 2cd4ec15e28f669e650c71a52c2a755a982820e2
Author: Seemant Choudhary <seemant@soha.io>
Date:   Wed Aug 24 12:20:01 2016 -0400

    Fix leak in krb5_server_decrypt_ticket_keytab()
    
    When we skip a keytab entry because it is of the wrong enctype, free
    it before continuing.
    
    (cherry picked from commit 9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2)
    
    ticket: 8482
    version_fixed: 1.13.7

 src/lib/krb5/krb/srv_dec_tkt.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 708a25f..6c92252 100644
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -99,8 +99,10 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
         retval = KRB5_KT_NOTFOUND;
         while ((code = krb5_kt_next_entry(context, keytab,
                                           &ktent, &cursor)) == 0) {
-            if (ktent.key.enctype != ticket->enc_part.enctype)
+            if (ktent.key.enctype != ticket->enc_part.enctype) {
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
                 continue;
+            }
 
             retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
             if (retval == 0) {
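
Review bot: The free is tied to one branch (the enctype-mismatch `continue`), so every other path that leaves or repeats the loop body needs its own matching free, and the visible context stops at `if (retval == 0) {` without showing what happens to `ktent` when decrypt_ticket_keyblock() fails and the loop moves to the next entry. It is worth confirming that path also calls krb5_free_keytab_entry_contents(), or restructuring the loop so the mismatch test wraps the decrypt attempt and a single free at the bottom of the body covers all cases. The `(void)` cast on the free is fine here since there is nothing useful to do with a failure while iterating, but a short comment noting that each krb5_kt_next_entry() result owns allocated contents, including key material, would help keep later edits to this loop from reintroducing the leak.
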
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5