Skip Menu |

From: Bean Zhang <>
To: "" <>
Subject: Resource leak in domain_fallback_realm()
Date: Thu, 14 Jun 2018 09:10:29 +0000

Hi Team,


In krb5-1.16.1/src/lib/krb5/os/hostrealm_domain.c,

domain_fallback_realm() assigns the storage returned from strdup() to uhost,

but later if calling profile_get_integer() fails, this function returns without freeing the storage uhost points to.


The fix is simple, just call "goto cleanup" instead of "return ret" if calling profile_get_integer() fails.


Could someone help to take a look?




Subject: git commit

Fix minor leak in krb5_get_fallback_host_realm()

In domain_fallback_realm(), if profile_get_integer() fails, uhost is
leaked. Fix this bug by using the cleanup handler instead of
returning immediately. Reported by Bean Zhang.
Author: Greg Hudson <>
Commit: 80ea4fe833c72e3be47509a3216eee726c5fdb26
Branch: master
src/lib/krb5/os/hostrealm_domain.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)