Patch from Riverbed (Derrick Pallas) under the license of the files they are in:
Fix resource leak in heimdal/krb5/fcache/fcc_remove_cred In fcache, fcc_remove_cred generates a ccache called "newfile," which is not cleaned up if the final call (krb5_cc_move) fails. Free of uninitialized value in fcache/fcc_move(...) If init_fcc fails to acquire a file handle, sp will be uninitialized. If this is the case, the call to krb5_storage_free will dereference this uninitialized value, which causes undefined behaviour. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24944 ec53bebd-3082-4978-b11e-865c3cabbd6b
		| @@ -770,7 +770,13 @@ fcc_remove_cred(krb5_context context, | |||||||
| 	return ret; | 	return ret; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     return krb5_cc_move(context, newfile, id); |     ret = krb5_cc_move(context, newfile, id); | ||||||
|  |     if (ret) { | ||||||
|  | 	krb5_cc_destroy(context, newfile); | ||||||
|  | 	return ret; | ||||||
|  |     } | ||||||
|  |      | ||||||
|  |     return ret; | ||||||
| } | } | ||||||
|  |  | ||||||
| static krb5_error_code | static krb5_error_code | ||||||
| @@ -914,7 +920,8 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) | |||||||
| 	krb5_storage *sp; | 	krb5_storage *sp; | ||||||
| 	int fd; | 	int fd; | ||||||
| 	ret = init_fcc (context, to, &sp, &fd); | 	ret = init_fcc (context, to, &sp, &fd); | ||||||
| 	krb5_storage_free(sp); | 	if (sp) | ||||||
|  | 	    krb5_storage_free(sp); | ||||||
| 	fcc_unlock(context, fd); | 	fcc_unlock(context, fd); | ||||||
| 	close(fd); | 	close(fd); | ||||||
|     } |     } | ||||||
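Review bot: In the fcc_move hunk the new `if (sp)` guard still reads a variable that may be uninitialised, because `sp` is declared as `krb5_storage *sp;` with no initialiser. The test is only meaningful if init_fcc stores NULL through the pointer on every failure path, which is not visible here. The same concern applies to `fd`, which is passed to `fcc_unlock(context, fd)` and `close(fd)` whether or not init_fcc succeeded. Declaring `krb5_storage *sp = NULL;` and `int fd = -1;`, and running the unlock/close pair only when `fd >= 0`, would make the cleanup independent of what init_fcc does on error. The enclosing block of fcc_move starts and ends outside the hunk, so the surrounding handling of `ret` should be checked as well.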
|   | |||||||
	 Love Hörnquist Åstrand
					Love Hörnquist Åstrand