Fix cursor leak in krb5_verify_init_creds

author Greg Hudson <ghudson@mit.edu>

Mon, 20 Oct 2014 17:19:26 +0000 (13:19 -0400)

committer Greg Hudson <ghudson@mit.edu>

Wed, 22 Oct 2014 16:11:35 +0000 (12:11 -0400)
author Greg Hudson <ghudson@mit.edu>
Mon, 20 Oct 2014 17:19:26 +0000 (13:19 -0400)
committer Greg Hudson <ghudson@mit.edu>
Wed, 22 Oct 2014 16:11:35 +0000 (12:11 -0400)
diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c

index 48339923529be6d46947071943d8eac599162a5b..8ceab7d8a90bcce75ebe246fa6b84b25aec44549 100644 (file)
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -56,7 +56,7 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
                    krb5_ccache outcc, krb5_principal princ)
  {
      krb5_error_code ret, ret2;
-    krb5_cc_cursor cur;
+    krb5_cc_cursor cur = NULL;
      krb5_creds creds;
  
      /* Turn off TC_OPENCLOSE on input ccache. */
@@ -79,9 +79,13 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
  
      if (ret != KRB5_CC_END)
          goto cleanup;
-    ret = 0;
+
+    ret = krb5_cc_end_seq_get(context, incc, &cur);
+    cur = NULL;
  
  cleanup:
+    if (cur != NULL)
+        (void)krb5_cc_end_seq_get(context, incc, &cur);
      ret2 = krb5_cc_set_flags(context, incc, KRB5_TC_OPENCLOSE);
      return (ret == 0) ? ret2 : ret;
  }
author	Greg Hudson <ghudson@mit.edu>
	Mon, 20 Oct 2014 17:19:26 +0000 (13:19 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 22 Oct 2014 16:11:35 +0000 (12:11 -0400)