From 721e80d6deece5ed6d7b2c1a160105830bf45b4b Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Tue, 1 Sep 2015 11:58:30 -0400 Subject: [PATCH] Fix krb5_rd_req() memory leak In release 1.13, commit eba8c4909ec7ba0d7054d5d1b1061319e9970cc7 (ticket #7232) introduced a memory leak when skipping keytab entries which do not match the application-provided server specification. Fix it by freeing the keytab entry before continuing the loop on a failure to match. [ghudson@mit.edu: commit message] (cherry picked from commit 3aa8506ee9e1f564e3f396eed5ac5616d7c54b34) ticket: 8239 version_fixed: 1.13.3 status: resolved --- src/lib/krb5/krb/rd_req_dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index df5ba7a35a..6defbdbf01 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -396,6 +396,7 @@ decrypt_ticket(krb5_context context, const krb5_ap_req *req, if (!krb5_sname_match(context, server, ent.principal)) { if (krb5_principal_compare(context, ent.principal, tkt_server)) tkt_server_mismatch = TRUE; + (void)krb5_free_keytab_entry_contents(context, &ent); continue; } found_server_match = TRUE; -- 2.47.3