Fix GSS krb5 acceptor acquire_cred error handling
authorGreg Hudson <ghudson@mit.edu>
Mon, 16 Dec 2013 20:37:56 +0000 (15:37 -0500)
committerTom Yu <tlyu@mit.edu>
Thu, 23 Jan 2014 03:21:43 +0000 (22:21 -0500)
When acquiring acceptor creds with a specified name, if we fail to
open a replay cache, we leak the keytab handle.  If there is no
specified name and we discover that there is no content in the keytab,
we leak the keytab handle and return the wrong major code.  Memory
leak reported by Andrea Campi.

(cherry picked from commit decccbcb5075f8fbc28a535a9b337afc84a15dee)

ticket: 7844 (new)
version_fixed: 1.10.8
status: resolved

src/lib/gssapi/krb5/acquire_cred.c

index c815b3590a6e3c632cfc089ce0a74ee719820757..a7a209e5f6fa4548981f44eb8810d7df69550895 100644 (file)
@@ -243,6 +243,7 @@ acquire_accept_cred(krb5_context context,
         assert(cred->name == NULL);
         code = kg_duplicate_name(context, desired_name, &cred->name);
         if (code) {
+            krb5_kt_close(context, kt);
             *minor_status = code;
             return GSS_S_FAILURE;
         }
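Review bot: The keytab close is now repeated by hand on each failure return in this branch, here and again on the krb5_get_server_rcache() path in the next hunk, which is the same pattern that let the original leak through. A shared exit would keep a later early return from leaking `kt` again: set the major status and `goto cleanup;`, with the label doing `krb5_kt_close(context, kt); *minor_status = code; return major;`. acquire_accept_cred starts and ends outside this hunk, so it is not visible whether `kt` is handed to `cred` on success; the cleanup label must only be reached on failure paths.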
@@ -251,8 +252,9 @@ acquire_accept_cred(krb5_context context,
         code = krb5_get_server_rcache(context, &desired_name->princ->data[0],
                                       &cred->rcache);
         if (code) {
+            krb5_kt_close(context, kt);
             *minor_status = code;
-            return GSS_S_FAILURE;
+            return GSS_S_CRED_UNAVAIL;
         }
     }
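Review bot: The major status change to GSS_S_CRED_UNAVAIL lands on the krb5_get_server_rcache() failure path, which does not match the commit description. The description attributes the wrong major code to the case with no specified name and an empty keytab, while this path runs with a name (it reads `desired_name->princ->data[0]`). If the change ended up here as a side effect of the backport, keep `return GSS_S_FAILURE;` after the added `krb5_kt_close(context, kt);`. Otherwise a replay cache that cannot be opened is reported as missing credentials, and a caller that treats GSS_S_CRED_UNAVAIL as "nothing configured" may not surface the failure. If the new code is intended, the description and a one-line comment above the return should say so. The rest of acquire_accept_cred, including any no-name branch, is outside the hunk.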