Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 3262A3F0F2; Fri, 5 Mar 2010 18:26:17 -0500 (EST) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o25NQHq7015255; Fri, 5 Mar 2010 18:26:17 -0500 Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o25IcwwY005191 for ; Fri, 5 Mar 2010 13:38:58 -0500 Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.36]) by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id o25IcTta021019 for ; Fri, 5 Mar 2010 13:38:58 -0500 X-Auditid: 12074424-b7b5bae00000096e-f2-4b914fc16d32 Received: from sh6.exchange.ms (sh6.exchange.ms [64.71.238.89]) by dmz-mailsec-scanner-7.mit.edu (Symantec Brightmail Gateway) with SMTP id D8.15.02414.1CF419B4; Fri, 5 Mar 2010 13:38:58 -0500 (EST) Received: from outbound.mse3.exchange.ms (unknown [10.0.25.203]) by sh6.exchange.ms (Postfix) with ESMTP id 332F211C3D3 for ; Fri, 5 Mar 2010 13:36:45 -0500 (EST) X-Mimeole: Produced By Microsoft Exchange V6.5 X-CR-Puzzleid: {8CA1121B-6DC8-426E-9395-4562C0F48D58} MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-CR-Hashedpuzzle: ZPA= BKPg CS0I CtOu C3z3 Deo2 DjyB Em4F EuFK EzRG FHBQ FSjv GVIe IdLU JSnM JlrG; 1; awByAGIANQAtAGIAdQBnAHMAQABtAGkAdAAuAGUAZAB1AA==; Sosha1_v1; 7; {8CA1121B-6DC8-426E-9395-4562C0F48D58}; YQBiAGUAcgByAHkAQABsAGkAawBlAHcAaQBzAGUALgBjAG8AbQA=; Fri, 05 Mar 2010 18:37:17 GMT; dQBzAGUAIABvAGYAIABmAHIAZQBlAGQAIABtAGUAbQBvAHIAeQAgAGkAbgAgAGcAcwBzAF8AaQBtAHAAbwByAHQAXwBzAGUAYwBfAGMAbwBuAHQAZQB4AHQAIABlAHIAcgBvAHIAIABwAGEAdABoAA== Content-Class: urn:content-classes:message Subject: use of freed memory in gss_import_sec_context error path Date: Fri, 5 Mar 2010 13:37:16 -0500 Message-ID: <23447137FA0DAA4D95EF535FF356BE4604155345@mse3be2.mse3.exchange.ms> X-MS-Has-Attach: X-MS-Tnef-Correlator: Thread-Topic: use of freed memory in gss_import_sec_context error path Thread-Index: Acq8kuEFf1iunJDKRjylOd60FKKfag== From: "Arlene Berry" To: X-Brightmail-Tracker: AAAAAA== Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id o25IcwwY005191 X-Mailman-Approved-At: Fri, 05 Mar 2010 18:26:16 -0500 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 813 This occurs as far back as 1.7. Index: src/lib/gssapi/krb5/import_sec_context.c =================================================================== --- src/lib/gssapi/krb5/import_sec_context.c (revision 23762) +++ src/lib/gssapi/krb5/import_sec_context.c (working copy) @@ -106,12 +106,13 @@ ibp = (krb5_octet *) interprocess_token->value; blen = (size_t) interprocess_token->length; kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen); - krb5_free_context(context); if (kret) { *minor_status = (OM_uint32) kret; save_error_info(*minor_status, context); + krb5_free_context(context); return(GSS_S_FAILURE); } + krb5_free_context(context); /* intern the context handle */ if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {