[16050] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #8697] Resource leak in krb5_gss_inquire_cred()

daemon@ATHENA.MIT.EDU (Bean Zhang via RT)
Fri Jun 15 10:51:31 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Bean Zhang via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8697@krbdev.mit.edu>
Message-ID: <rt-8697-48635.5.94740140725897@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8697'":;
Date: Fri, 15 Jun 2018 10:51:19 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Hi Team,

krb5_gss_inquire_cred() in krb5-1.16.1/src/lib/gssapi/krb5/inq_cred.c
calls generic_gss_create_empty_oid_set() to create a empty oid set and store allocated memory to pointer "mechs"
but later if the code run into "goto fail", the storage mechs points to will not be freed when leaves this function.

The fix is to call gssalloc_free(mechs) in fail label.

Could someone help to take a look?

Thanks,
Bean

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post