Fix defcred leak in krb5 gss_inquire_cred()
authorGreg Hudson <ghudson@mit.edu>
Wed, 21 Jul 2021 17:43:39 +0000 (13:43 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 21 Jul 2021 17:43:39 +0000 (13:43 -0400)
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory
management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path.  The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.

Reported by Pavel Březina.

(a minimal alternative to commit 593e16448e1af23eef74689afe06a7bcc86e79c7)

ticket: 9016
version_fixed: 1.19.2

src/lib/gssapi/krb5/inq_cred.c

index a8f2541102e7cfe661d0ec4718a685bc775b4d88..cd8384d08cd5fec83ee19cb66dca6ff431a97d5b 100644 (file)
@@ -197,9 +197,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
         mechs = GSS_C_NO_OID_SET;
     }
 
-    if (cred_handle == GSS_C_NO_CREDENTIAL)
-        krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
-
+    krb5_gss_release_cred(minor_status, &defcred);
     krb5_free_context(context);
     *minor_status = 0;
     return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
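Review bot: The now-unconditional `krb5_gss_release_cred(minor_status, &defcred);` is only correct for callers that passed their own credential if defcred still holds GSS_C_NO_CREDENTIAL at this point and the release routine treats that value as a no-op. Neither the declaration of defcred nor the release routine is visible in this hunk, so a short comment above the call would pin the invariant, e.g. `/* defcred stays GSS_C_NO_CREDENTIAL unless a default cred was acquired above; releasing it is then a no-op. */`. The description says only the successful path was missed, so it is worth confirming that every early return after the default credential is acquired also releases defcred, because in a long-running process each leaked credential accumulates per call. The body of krb5_gss_inquire_cred starts and ends outside the hunk.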