Skip Menu |
 

From: Bean Zhang <bean.zhang@wesoft.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Subject: Resource leak in domain_fallback_realm()
Date: Thu, 14 Jun 2018 09:10:29 +0000

Hi Team,

 

In krb5-1.16.1/src/lib/krb5/os/hostrealm_domain.c,

domain_fallback_realm() assigns the storage returned from strdup() to uhost,

but later if calling profile_get_integer() fails, this function returns without freeing the storage uhost points to.

 

The fix is simple, just call "goto cleanup" instead of "return ret" if calling profile_get_integer() fails.

 

Could someone help to take a look?

 

Thanks,

Bean

From: ghudson@mit.edu
Subject: git commit

Fix minor leak in krb5_get_fallback_host_realm()

In domain_fallback_realm(), if profile_get_integer() fails, uhost is
leaked. Fix this bug by using the cleanup handler instead of
returning immediately. Reported by Bean Zhang.

https://github.com/krb5/krb5/commit/80ea4fe833c72e3be47509a3216eee726c5fdb26
Author: Greg Hudson <ghudson@mit.edu>
Commit: 80ea4fe833c72e3be47509a3216eee726c5fdb26
Branch: master
src/lib/krb5/os/hostrealm_domain.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)