Patch from Riverbed (Derrick Pallas) under the license of the files they are in:
Fix resource leak in heimdal/krb5/fcache/fcc_remove_cred

In fcache, fcc_remove_cred generates a ccache called "newfile," which is not cleaned up if the final call (krb5_cc_move) fails.

Free of uninitialized value in fcache/fcc_move(...)

If init_fcc fails to acquire a file handle, sp will be uninitialized. If this is the case, the call to krb5_storage_free will dereference this uninitialized value, which causes undefined behaviour.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24944 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -770,7 +770,13 @@ fcc_remove_cred(krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
return krb5_cc_move(context, newfile, id);
|
||||
ret = krb5_cc_move(context, newfile, id);
|
||||
if (ret) {
|
||||
krb5_cc_destroy(context, newfile);
|
||||
return ret;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
@@ -914,7 +920,8 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
|
||||
krb5_storage *sp;
|
||||
int fd;
|
||||
ret = init_fcc (context, to, &sp, &fd);
|
||||
krb5_storage_free(sp);
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
fcc_unlock(context, fd);
|
||||
close(fd);
|
||||
}
|
||||
|
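Review bot: In the fcc_move hunk the new `if (sp)` guard still tests an indeterminate pointer, because the context line `krb5_storage *sp;` has no initializer and the commit message itself says init_fcc can fail without setting it. Initialise the locals, `krb5_storage *sp = NULL;` and `int fd = -1;`, so that the guard is meaningful. The same failure path appears to reach `fcc_unlock(context, fd);` and `close(fd);` with an unset descriptor, which could unlock or close an unrelated file in the process; guarding the whole cleanup with `if (ret == 0)` would cover both. init_fcc's body and the rest of fcc_move are outside the hunk, so whether `ret` is checked later should be confirmed there.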