Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Length: 1686
>Submitter-Id: ? >Originator: Chris Long >Organization: Next Century >Confidential: no >Synopsis: gss_add_cred_from does not free credential if passed GSS_C_NO_CREDENTIAL and is successful >Severity: non-critical >Priority: low >Category: krb5-lib >Class: sw-bug >Release: 1.16.1 >System: Linux pc-5000-cl 4.13.0-43-generic #48~16.04.1-Ubuntu SMP Thu May 17 12:56:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux >Machine: x86_64 >Description: The function gss_add_cred_from, in g_acquire_cred.c, allocates union_cred if passed GSS_C_NO_CREDENTIAL for the input_cred_handle (line 399). However, it only frees this in the error condition (line 560). On success, this space is never freed. >How-To-Repeat: Call gss_ad_cred_from with GSS_C_NO_CREDENTIAL. Valgrind will report a memory leak. >Fix: Copy the free-ing code (lines 559-560) to the success condition (e.g., line 529).