Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 791


Fix kadm5/gssrpc XDR double free [CVE-2014-9421]

[MITKRB5-SA-2015-001] In auth_gssapi_unwrap_data(), do not free
partial deserialization results upon failure to deserialize.  This
responsibility belongs to the callers, svctcp_getargs() and
svcudp_getargs(); doing it in the unwrap function results in freeing
the results twice.

In xdr_krb5_tl_data() and xdr_krb5_principal(), null out the pointers
we are freeing, as other XDR functions such as xdr_bytes() and
xdr_string().

https://github.com/krb5/krb5/commit/a197e92349a4aa2141b5dff12e9dd44c2a2166e3
Author: Greg Hudson <ghudson@mit.edu>
Commit: a197e92349a4aa2141b5dff12e9dd44c2a2166e3
Branch: master
 src/lib/kadm5/kadm_rpc_xdr.c   |    2 ++
 src/lib/rpc/auth_gssapi_misc.c |    1 -
 2 files changed, 2 insertions(+), 1 deletions(-)