[11443] in Kerberos-V5-bugs
[krbdev.mit.edu #6678] use of freed memory in gss_import_sec_context
daemon@ATHENA.MIT.EDU (Arlene Berry" via RT)
Fri Mar 5 18:26:19 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: ""Arlene Berry" via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6678@krbdev.mit.edu>
Message-ID: <rt-6678-32571.19.5264567068259@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6678'":;"'AdminCc of krbdev.mit.edu Ticket #6678'":;@MIT.EDU
Date: Fri, 5 Mar 2010 18:26:18 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
This occurs as far back as 1.7.
Index: src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/import_sec_context.c (revision 23762)
+++ src/lib/gssapi/krb5/import_sec_context.c (working copy)
@@ -106,12 +106,13 @@
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp,
&blen);
- krb5_free_context(context);
if (kret) {
*minor_status = (OM_uint32) kret;
save_error_info(*minor_status, context);
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
/* intern the context handle */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
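Review bot: The cleanup is now duplicated: krb5_free_context(context) appears once inside the if (kret) block before return(GSS_S_FAILURE) and again immediately after the block, so any later change to this function has to keep the two calls in sync. The ordering inside the error branch is the actual fix, since save_error_info(*minor_status, context) reads the context and must run before the free. A short comment there stating that dependency would keep someone from hoisting the free back above the if. Consider a single release point instead: set *minor_status and call save_error_info when kret is nonzero, call krb5_free_context(context) once, and only then return GSS_S_FAILURE if kret is set. Also, context is a dangling pointer once the second call has run, and the hunk ends at the kg_save_ctx_id check, so it is worth confirming that neither that failure path nor anything further down in the function touches context again.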