Subject: krb5_gss_get_name_attribute minor cleanup issue
When krb5_gss_get_name_attribute finishes retrieving attributes with
krb5_authdata_get_attribute, it needs to convert to krb5_data objects to
GSS buffers, which on Windows means reallocating and copying.
Currently, if the second of those buffer conversions fails, allocated
memory for the first buffer has already been transferred to caller
control. This could result in a leak, since a caller who gets an error
return from gss_get_name_attribute won't necessarily release the buffers
it passed in.
To fix this cleanly, the code should be restructured so that buffer
conversions are performed before success is determined, with the results
stored in local variables which are cleaned up on failure. Then, that
memory can be transferred to caller variables in the final part of the
function with error-free assignments.
Download (untitled) 833b