[31035] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.18]: Fix defcred leak in krb5 gss_inquire_cred()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 21 14:32:30 2021
Date: Wed, 21 Jul 2021 14:32:00 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202107211832.16LIW0d2003596@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: multipart/mixed; boundary="===============8269428973025632613=="
Errors-To: cvs-krb5-bounces@mit.edu
--===============8269428973025632613==
Content-Type: text/plain
https://github.com/krb5/krb5/commit/b92be484630b38e26f5ee4bd67973fbd7627009c
commit b92be484630b38e26f5ee4bd67973fbd7627009c
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Jul 21 13:44:30 2021 -0400
Fix defcred leak in krb5 gss_inquire_cred()
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory
management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path. The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.
Reported by Pavel Březina.
(a minimal alternative to commit 593e16448e1af23eef74689afe06a7bcc86e79c7)
ticket: 9016
version_fixed: 1.18.4
src/lib/gssapi/krb5/inq_cred.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index a8f2541..cd8384d 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -197,9 +197,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
mechs = GSS_C_NO_OID_SET;
}
- if (cred_handle == GSS_C_NO_CREDENTIAL)
- krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
-
+ krb5_gss_release_cred(minor_status, &defcred);
krb5_free_context(context);
*minor_status = 0;
return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
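Review bot: the now-unconditional krb5_gss_release_cred(minor_status, &defcred) ahead of krb5_free_context(context) is only correct if defcred is initialized to GSS_C_NO_CREDENTIAL and stays that way on every path where the caller supplied its own cred_handle. That initialization is not visible in this hunk, and the removed `if (cred_handle == GSS_C_NO_CREDENTIAL)` guard used to make the case explicit, so please confirm it at the declaration or add a one-line comment here saying the release is a no-op when no default credential was acquired. The status returned by the release call is discarded and *minor_status is set to 0 on the following lines, which matches the old code, so that is fine to leave. The diffstat touches only inq_cred.c, so consider carrying a test that calls gss_inquire_cred() with GSS_C_NO_CREDENTIAL under a leak checker on this branch.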
--===============8269428973025632613==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--===============8269428973025632613==--