[16064] in Kerberos-V5-bugs
[krbdev.mit.edu #8704] Resource leak in read_secret_file()
daemon@ATHENA.MIT.EDU (Bean Zhang via RT)
Wed Jun 20 10:54:53 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Bean Zhang via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8704@krbdev.mit.edu>
Message-ID: <rt-8704-48668.9.7920642235227@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8704'":;
Date: Wed, 20 Jun 2018 10:54:47 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Hi Team,
In read_secret_file() of krb5-1.16.1/src/plugins/preauth/otp/otp_state.c,
When calls k5_path_join(), will store the allocated memory to filename,
later if this function returns, it does not free the memory filename points to.
The fix is to call "free(filename)" before function returns.
Could someone help to take a look?
Thanks,
Bean
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs