Skip Menu |
 

Subject: memleak in decrypt_2ndtkt()
In decrypt_2ndtkt() there is:

retval = kdc_get_server_key(kdc_context, stkt,
flags,
TRUE, /* match_enctype */
&server, <<<< alloc'ed memory
&key,
&kvno);
if (retval != 0) {
*status = "2ND_TKT_SERVER";
goto cleanup;
}
retval = krb5_decrypt_tkt_part(kdc_context, key,
req->second_ticket[0]);
krb5_free_keyblock(kdc_context, key);
if (retval != 0) {
*status = "2ND_TKT_DECRYPT";
goto cleanup;
}
*server_out = server;
cleanup:
return retval;
}

If kdc_get_server_key() succeeds but krb5_decrypt_tkt_part() fails,
server is leaked.
From: ghudson@mit.edu
Subject: git commit

Fix memory leak on error in KDC decrypt_2ndtkt()

Make sure to release the server principal entry in the cleanup handler
if it is not assigned to the output parameter. Reported by Will
Fiveash.

https://github.com/krb5/krb5/commit/a1faaa4d6a404e3103f45e639b8890c3b141dfe1
Author: Greg Hudson <ghudson@mit.edu>
Commit: a1faaa4d6a404e3103f45e639b8890c3b141dfe1
Branch: master
src/kdc/do_tgs_req.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix memory leak on error in KDC decrypt_2ndtkt()

Make sure to release the server principal entry in the cleanup handler
if it is not assigned to the output parameter. Reported by Will
Fiveash.

(cherry picked from commit a1faaa4d6a404e3103f45e639b8890c3b141dfe1)

https://github.com/krb5/krb5/commit/ccb1b1ade68c22bb263a42349424bdf0506ac533
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: ccb1b1ade68c22bb263a42349424bdf0506ac533
Branch: krb5-1.14
src/kdc/do_tgs_req.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix memory leak on error in KDC decrypt_2ndtkt()

Make sure to release the server principal entry in the cleanup handler
if it is not assigned to the output parameter. Reported by Will
Fiveash.

(cherry picked from commit a1faaa4d6a404e3103f45e639b8890c3b141dfe1)

https://github.com/krb5/krb5/commit/94ea7ae4039c553b3d7df5da384240d612782ba1
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 94ea7ae4039c553b3d7df5da384240d612782ba1
Branch: krb5-1.13
src/kdc/do_tgs_req.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)