2550a37b4f
- pull in fix from master to avoid a memory leak in a couple of error cases which could occur while obtaining acceptor credentials (RT#7805, part of #1043962)
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
commit decccbcb5075f8fbc28a535a9b337afc84a15dee
|
|
Author: Greg Hudson <ghudson@mit.edu>
|
|
Date: Mon Dec 16 15:37:56 2013 -0500
|
|
|
|
Fix GSS krb5 acceptor acquire_cred error handling
|
|
|
|
When acquiring acceptor creds with a specified name, if we fail to
|
|
open a replay cache, we leak the keytab handle. If there is no
|
|
specified name and we discover that there is no content in the keytab,
|
|
we leak the keytab handle and return the wrong major code. Memory
|
|
leak reported by Andrea Campi.
|
|
|
|
ticket: 7805
|
|
target_version: 1.12.1
|
|
tags: pullup
|
|
|
|
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
|
|
index 0efcad4..9547207 100644
|
|
--- a/src/lib/gssapi/krb5/acquire_cred.c
|
|
+++ b/src/lib/gssapi/krb5/acquire_cred.c
|
|
@@ -225,6 +225,7 @@ acquire_accept_cred(krb5_context context,
|
|
code = krb5_get_server_rcache(context, &cred->name->princ->data[0],
|
|
&cred->rcache);
|
|
if (code) {
|
|
+ krb5_kt_close(context, kt);
|
|
*minor_status = code;
|
|
return GSS_S_FAILURE;
|
|
}
|
|
@@ -232,8 +233,9 @@ acquire_accept_cred(krb5_context context,
|
|
/* Make sure we have a keytab with keys in it. */
|
|
code = krb5_kt_have_content(context, kt);
|
|
if (code) {
|
|
+ krb5_kt_close(context, kt);
|
|
*minor_status = code;
|
|
- return GSS_S_FAILURE;
|
|
+ return GSS_S_CRED_UNAVAIL;
|
|
}
|
|
}
|
|
|