[29711] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix unlikely leak in KDC AS-REQ error path
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Sep 23 13:03:29 2016
Date: Fri, 23 Sep 2016 13:03:25 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201609231703.u8NH3Pif000413@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/8d852c577039d59e1bea383e4ddfe575c20f240d
commit 8d852c577039d59e1bea383e4ddfe575c20f240d
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Sep 22 02:21:39 2016 -0400
Fix unlikely leak in KDC AS-REQ error path
In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data
was supplied, the FAST cookie and a shallow copy of the error padata
can be leaked. Reported by Will Fiveash.
ticket: 8498
target_version: 1.14-next
tags: pullup
src/kdc/do_as_req.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 5440949..712ccb7 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -859,7 +859,7 @@ prepare_error_as(struct kdc_request_state *rstate, krb5_kdc_req *request,
retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
if (retval)
- return retval;
+ goto cleanup;
errpkt.error = error;
errpkt.server = request->server;
errpkt.client = (error == KDC_ERR_WRONG_REALM) ? canon_client :
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
