Fix unlikely memory error in krb5_rd_cred

If an error occurs in the for loop in krb5_rd_cred_basic (which should
only happen on an ENOMEM), do not leave the caller with a dangling
reference to the freed credential array.

ticket: 7908 (new)
target_version: 1.12.2

diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index 8be7f81d6f7e5c5c33589ef631266e35d895cd47..acc05c99bcc978032d9180ff7c853c1987d691d2 100644 (file)
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -170,8 +170,10 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
     (*pppcreds)[i] = NULL;
 
 cleanup:
-    if (retval)
+    if (retval) {
         krb5_free_tgt_creds(context, *pppcreds);
+        *pppcreds = NULL;
+    }
 
 cleanup_cred:
     krb5_free_cred(context, pcred);