[31455] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.21]: Fix memory leak in PAC checksum verification
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Mon Aug 4 18:32:11 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250804223206.B334C103EB9@krbdev.mit.edu>
Date: Mon, 4 Aug 2025 18:32:06 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/2b95628d83dc446437432c7e20b77523904d8d63
commit 2b95628d83dc446437432c7e20b77523904d8d63
Author: Arjun <pkillarjun@protonmail.com>
Date: Fri Oct 11 00:55:59 2024 +0530
Fix memory leak in PAC checksum verification
If the server checksum length is invalid, do proper cleanup in
verify_pac_checksums() before returning.
[ghudson@mit.edu: edited commit message]
(cherry picked from commit c03ac354436a7182962b4987d318a86cb7ac558b)
ticket: 9143
version_fixed: 1.21.4
src/lib/krb5/krb/pac.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 5d1fdf1ba..77adcd272 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,
ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
&server_checksum);
if (ret)
- return ret;
- if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ goto cleanup;
+ if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
