Subject: | use of freed memory in gss_import_sec_context error path |
Date: | Fri, 5 Mar 2010 13:37:16 -0500 |
From: | "Arlene Berry" <aberry@likewise.com> |
To: | <krb5-bugs@mit.edu> |
This occurs as far back as 1.7.
Index: src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/import_sec_context.c (revision 23762)
+++ src/lib/gssapi/krb5/import_sec_context.c (working copy)
@@ -106,12 +106,13 @@
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp,
&blen);
- krb5_free_context(context);
if (kret) {
*minor_status = (OM_uint32) kret;
save_error_info(*minor_status, context);
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
/* intern the context handle */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
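Review bot: The ordering constraint this fix depends on is not recorded in the code: `save_error_info(*minor_status, context)` reads `context`, so the `krb5_free_context(context)` call inside the `if (kret)` branch must stay after it, and a later cleanup could merge the two frees back into one call above the check. I would add a comment above that call, such as `/* save_error_info() reads context; free it only after the error is recorded */`. The `kg_save_ctx_id` failure branch begins on the last line of the hunk and continues outside it; because `context` is already freed by then, it is worth confirming that nothing in that branch still passes `context`. The same patch is repeated further down the page and the comment applies there as well.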
Index: src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/import_sec_context.c (revision 23762)
+++ src/lib/gssapi/krb5/import_sec_context.c (working copy)
@@ -106,12 +106,13 @@
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp,
&blen);
- krb5_free_context(context);
if (kret) {
*minor_status = (OM_uint32) kret;
save_error_info(*minor_status, context);
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);
/* intern the context handle */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {