[30338] in CVS-changelog-for-Kerberos-V5


krb5 commit [krb5-1.16]: Fix leak on error in kadm5 randkey handling

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Oct 30 12:26:22 2018

Date: Tue, 30 Oct 2018 12:26:07 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201810301626.w9UGQ7dR009382@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/60766c9854e8a03afdd22258b38832a13fb584ff
commit 60766c9854e8a03afdd22258b38832a13fb584ff
Author: Greg Hudson <ghudson@mit.edu>
Date:   Thu Oct 25 11:56:58 2018 -0400

    Fix leak on error in kadm5 randkey handling
    
    An attempt to change the kadmin/history key with the -keepold flag
    would leak the KDB entry and keysalt tuple as it returned an error.
    Use the cleanup handler instead of returning directly.  Reported by
    Bean Zhang.
    
    (cherry picked from commit c4bdb3a1c890149a472ed98a94cf85316b143265)
    
    ticket: 8759
    version_fixed: 1.16.2

 src/lib/kadm5/srv/svr_principal.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index a59a65e..21c53ec 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1564,8 +1564,10 @@ kadm5_randkey_principal_3(void *server_handle,
     if (krb5_principal_compare(handle->context, principal, hist_princ)) {
         /* If changing the history entry, the new entry must have exactly one
          * key. */
-        if (keepold)
-            return KADM5_PROTECT_PRINCIPAL;
+        if (keepold) {
+            ret = KADM5_PROTECT_PRINCIPAL;
+            goto done;
+        }
         new_n_ks_tuple = 1;
     }
 
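Review bot: The `if (keepold)` branch now depends on the `done` label, which lies outside this hunk, to release the KDB entry and keysalt tuple named in the commit message, and the diffstat shows only svr_principal.c changing, so nothing exercises this error path. Consider adding a regression test that runs a randkey with -keepold against kadmin/history under a leak checker and expects KADM5_PROTECT_PRINCIPAL. Since the same function carried a direct `return` after those resources were acquired, it is also worth checking the rest of kadm5_randkey_principal_3 for other early returns that bypass `done`.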