Skip Menu |
 

From: Andrea Campi <andrea.campi@gmail.com>
Date: Sat, 14 Dec 2013 22:23:19 -0800
Subject: Potential leaks in error paths in acquire_accept_cred
To: krb5-bugs@mit.edu
The error handling if() blocks at lines 227 and 234 of src/lib/gssapi/krb5/acquire_cred.c are missing krb5_kt_close(context, kt);

I don't have a test case, but we noticed while debugging a similar problem. 
From: ghudson@mit.edu
Subject: git commit

Fix GSS krb5 acceptor acquire_cred error handling

When acquiring acceptor creds with a specified name, if we fail to
open a replay cache, we leak the keytab handle. If there is no
specified name and we discover that there is no content in the keytab,
we leak the keytab handle and return the wrong major code. Memory
leak reported by Andrea Campi.

https://github.com/krb5/krb5/commit/decccbcb5075f8fbc28a535a9b337afc84a15dee
Author: Greg Hudson <ghudson@mit.edu>
Commit: decccbcb5075f8fbc28a535a9b337afc84a15dee
Branch: master
src/lib/gssapi/krb5/acquire_cred.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix GSS krb5 acceptor acquire_cred error handling

When acquiring acceptor creds with a specified name, if we fail to
open a replay cache, we leak the keytab handle. If there is no
specified name and we discover that there is no content in the keytab,
we leak the keytab handle and return the wrong major code. Memory
leak reported by Andrea Campi.

(cherry picked from commit decccbcb5075f8fbc28a535a9b337afc84a15dee)

https://github.com/krb5/krb5/commit/1407fd928724300376162a1f29035ce8c25be9db
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 1407fd928724300376162a1f29035ce8c25be9db
Branch: krb5-1.12
src/lib/gssapi/krb5/acquire_cred.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)