Skip Menu |
 

Subject: use of freed memory in gss_import_sec_context error path
Date: Fri, 5 Mar 2010 13:37:16 -0500
From: "Arlene Berry" <aberry@likewise.com>
To: <krb5-bugs@mit.edu>
This occurs as far back as 1.7.

Index: src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/import_sec_context.c (revision 23762)
+++ src/lib/gssapi/krb5/import_sec_context.c (working copy)
@@ -106,12 +106,13 @@
ibp = (krb5_octet *) interprocess_token->value;
blen = (size_t) interprocess_token->length;
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp,
&blen);
- krb5_free_context(context);
if (kret) {
*minor_status = (OM_uint32) kret;
save_error_info(*minor_status, context);
+ krb5_free_context(context);
return(GSS_S_FAILURE);
}
+ krb5_free_context(context);

/* intern the context handle */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
From: tlyu@mit.edu
Subject: SVN Commit

Apply patch from Arlene Berry to not use freed memory in
gss_import_sec_context in some error paths.

https://github.com/krb5/krb5/commit/0e5cd3f9b69cd10df18f86d96a65de777fa25696
Commit By: tlyu
Revision: 23834
Changed Files:
U trunk/src/lib/gssapi/krb5/import_sec_context.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r23834 from trunk

------------------------------------------------------------------------
r23834 | tlyu | 2010-03-23 15:00:13 -0700 (Tue, 23 Mar 2010) | 7 lines

ticket: 6678
target_version: 1.8.1
tags: pullup

Apply patch from Arlene Berry to not use freed memory in
gss_import_sec_context in some error paths.

https://github.com/krb5/krb5/commit/f5cbaf9e5a3d3ee2e7a38159510ce9c8ed06af64
Commit By: tlyu
Revision: 23835
Changed Files:
U branches/krb5-1-8/src/lib/gssapi/krb5/import_sec_context.c