[16047] in Kerberos-V5-bugs
[krbdev.mit.edu #8695] Resource leak in krb5_524_conv_principal()
daemon@ATHENA.MIT.EDU (Bean Zhang via RT)
Thu Jun 14 23:46:53 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Bean Zhang via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8695@krbdev.mit.edu>
Message-ID: <rt-8695-48633.10.43728418191@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8695'":;
Date: Thu, 14 Jun 2018 23:46:47 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Hi Team,
In krb5-1.16.1/src/lib/krb5/krb/conv_princ.c,
krb5_524_conv_principal() calls profile_get_string() which allocates memory and stores into temp_realm,
but later if (tmp_realm_len > REALM_SZ - 1), before "return KRB5_INVALID_PRINCIPAL", does not free the storage temp_realm points to.
The fix is simple, just call "profile_release_string(tmp_realm);" before "return KRB5_INVALID_PRINCIPAL".
Could someone help to take a look?
Thanks,
Bean
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs