Message-ID: <4F2FBBBE.4060609@mev.co.uk>
Date: Mon, 6 Feb 2012 11:38:38 +0000
From: Ian Abbott
To: "rt@krbdev.mit.edu"
Subject: Re: [krbdev.mit.edu #7087] AutoReply: [BUG krb5-1.10] krb5_gss_get_name_attribute

>     if (display_value != NULL) {
>         if (code != 0)
>             code = data_to_gss(&kdisplay_value, display_value);
>         else
>             free(kdisplay_value.data);
>     }

Also, in the same region of code:

If the call data_to_gss(&kdisplay_value, display_value) fails with an error (which can only happen #ifdef _WIN32), the preceding call data_to_gss(&kvalue, value) has now passed responsibility for the buffer value->value to the caller even though krb5_gss_get_name_attribute() is returning a failure code.
In this case, one solution would be to free value->value, and since kvalue now has empty data, repeat the call data_to_gss(&kvalue, value) which shouldn't fail as it shouldn't have to allocate anything.

    if (display_value != NULL) {
        if (code == 0) {
            code = data_to_gss(&kdisplay_value, display_value);
            if (code != 0 && value != NULL) {
                /* Cleanup. N.B. kvalue is empty_data() */
                free(value->value);
                data_to_gss(&kvalue, value);
            }
        } else
            free(kdisplay_value.data);
    }
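
The error path described in the message above, as an added example that is not part of the original mail or of the krb5 source: a simplified model showing what the caller is left holding when the second conversion fails, with and without the cleanup. The names kdata, gbuf, model_data_to_gss, get_attr_model and the fail_next hook are hypothetical stand-ins, and the ownership hand-off is modelled on the mail's description only.

```c
#include <errno.h>
#include <stdlib.h>

/* Stand-in types for this example, not the krb5 / GSS-API definitions. */
typedef struct { size_t length; char *data; } kdata;  /* models krb5_data */
typedef struct { size_t length; void *value; } gbuf;  /* models a GSS buffer */

static int fail_next;  /* hook: make the next conversion fail once */

/* Assumed behaviour, taken from the mail: on success the output takes over
 * the input's buffer and the input is left empty; on failure nothing moves. */
static int model_data_to_gss(kdata *in, gbuf *out)
{
    if (fail_next) { fail_next = 0; return ENOMEM; }
    out->length = in->length;
    out->value = in->data;
    in->length = 0;
    in->data = NULL;
    return 0;
}

/* Converts two results. fail_second injects a failure into the second
 * conversion; cleanup selects the error handling proposed in the mail. */
int get_attr_model(gbuf *value, gbuf *display_value, int fail_second, int cleanup)
{
    kdata kvalue = { 5, malloc(5) }, kdisplay = { 7, malloc(7) };
    int code;

    if (kvalue.data == NULL || kdisplay.data == NULL) {
        free(kvalue.data); free(kdisplay.data);
        return ENOMEM;
    }
    code = model_data_to_gss(&kvalue, value);
    if (code == 0) {
        fail_next = fail_second;
        code = model_data_to_gss(&kdisplay, display_value);
        if (code != 0 && cleanup) {
            /* Take back what was already handed to the caller. */
            free(value->value);
            model_data_to_gss(&kvalue, value);  /* kvalue is empty: resets value */
        }
    }
    if (code != 0) {
        free(kdisplay.data);
        free(kvalue.data);  /* NULL if the hand-off already happened */
    }
    return code;
}
```

Without the cleanup, a caller that follows the usual convention of ignoring outputs on failure never frees value->value.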