[31488] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix krb5 gss_acquire_cred() leak on some errors
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Fri Nov 21 18:14:58 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20251121231452.33472103FBC@krbdev.mit.edu>
Date: Fri, 21 Nov 2025 18:14:52 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a6512164a71ca2ade20d1cf3bf89b3973092eb48
commit a6512164a71ca2ade20d1cf3bf89b3973092eb48
Author: benpope81 <benpope81@gmail.com>
Date: Tue Nov 11 12:13:56 2025 +0000
Fix krb5 gss_acquire_cred() leak on some errors
When a krb5 acceptor cred is acquired with a specified name, a late
enough failure can leak the acceptor_mprinc field. Fix this leak by
freeing the field in the acquire_cred_context() error_out cleanup
code.
[ghudson@mit.edu: rewrote commit message]
ticket: 9189 (new)
tags: pullup
target_version: 1.22-next
src/lib/gssapi/krb5/acquire_cred.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index aa1a486dc..12e6b7ea8 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -912,6 +912,7 @@ error_out:
if (cred->name)
kg_release_name(context, &cred->name);
krb5_free_principal(context, cred->impersonator);
+ krb5_free_principal(context, cred->acceptor_mprinc);
zapfreestr(cred->password);
k5_mutex_destroy(&cred->lock);
xfree(cred);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
