Skip Menu |

From: Bean Zhang <>
To: "" <>
Subject: Resource leak in aname_replacer()
Date: Fri, 15 Jun 2018 09:12:40 +0000
Hi Team,

aname_replacer() in krb5-1.16.1/src/lib/krb5/os/localauth_rule.c
assigns a allocated memory by calling strdup() to pointer current,
later if runs into any "goto cleanup", the allocated momory
"current" points to will not be freed when leaves this function.

The fix is to call free(current) before "goto cleanup".

Could someone help to take a look?

Subject: git commit

Fix minor leak in localauth RULE handling

In aname_replacer(), initialize current, null it when transferring
ownership to the caller, and free it on cleanup. Otherwise it leaks
on failure. Reported by Bean Zhang.
Author: Greg Hudson <>
Commit: dbc2ccd6d9ff546e2f4af54898c952ffa4eebf44
Branch: master
src/lib/krb5/os/localauth_rule.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)