+2005-12-28 Tom Yu <tlyu@mit.edu>
+
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Cause free_tgt and
+ free_otgt to track the states of tgt and otgt correctly, to avoid
+ a double-free condition which previously happened when this
+ function returned to krb5_get_credentials(), which proceeded to
+ free a previously freed TGT in the returned TGT list.
+
2005-10-19 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (t_ser): Add dl library and thread link options,
&tgtq.server)))
goto cleanup;
+ if (free_otgt)
+ krb5_free_cred_contents(context, &otgt);
otgt = tgt;
- free_otgt = 1;
+ free_otgt = free_tgt;
free_tgt = 0;
retval = krb5_cc_retrieve_cred(context, ccache, retr_flags,
&tgtq, &tgt);
if (retval == 0) {
- krb5_free_cred_contents(context, &otgt);
- free_otgt = 0;
free_tgt = 1;
/* We are now done - proceed to got/finally have tgt */
} else {
/* with current tgt. */
/* Copy back in case invalided */
tgt = otgt;
+ free_tgt = free_otgt;
free_otgt = 0;
- free_tgt = 1;
if (!krb5_c_valid_enctype(tgt.keyblock.enctype)) {
retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
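Review bot: The hand-off `otgt = tgt; free_otgt = free_tgt; free_tgt = 0;` and its reversal in the else branch (`tgt = otgt; free_tgt = free_otgt; free_otgt = 0;`) are shallow struct copies, so they are only safe while exactly one flag is set for any given credential contents, and nothing in the new code states that invariant. A comment at the hand-off would make it checkable, for example `/* free_tgt/free_otgt are nonzero only while tgt/otgt owns its contents; ownership moves with each struct copy */`. The same sequence is repeated in the next hunk (the "got one as close as possible" loop), so the comment applies there as well, or both sites could share a small static helper. The enclosing function starts and ends outside the hunk, so it is worth confirming that the cleanup path frees tgt and otgt strictly under their flags.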
&tgtq.server)))
goto cleanup;
+ if (free_otgt)
+ krb5_free_cred_contents(context, &otgt);
otgt = tgt;
- free_otgt = 1;
+ free_otgt = free_tgt;
free_tgt = 0;
retval = krb5_cc_retrieve_cred(context, ccache,
retr_flags,
&tgtq, &tgt);
if (retval == 0) {
- if (free_otgt)
- krb5_free_cred_contents(context, &otgt);
- free_otgt = 0;
free_tgt = 1;
/* Continues with 'got one as close as possible' */
} else {
/* not in the cache so try and get one with our current tgt. */
tgt = otgt;
+ free_tgt = free_otgt;
free_otgt = 0;
- free_tgt = 1;
if (!krb5_c_valid_enctype(tgt.keyblock.enctype)) {
retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
krb5_free_creds(context, tgtr);
tgtr = NULL;
- if (free_otgt) {
- krb5_free_cred_contents(context, &otgt);
- free_otgt = 0;
+ if (free_tgt) {
+ krb5_free_cred_contents(context, &tgt);
+ free_tgt = 0;
}
tgt = *ret_tgts[ntgts++];
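Review bot: After `tgt = *ret_tgts[ntgts++];` the local tgt shares its pointers with the list entry, and the only thing that stops a second free is that free_tgt is 0 once the preceding block has run. A comment on that assignment would guard against a later edit re-introducing the double free described in the ChangeLog entry, for example `/* tgt now aliases the ret_tgts entry; the list owns it, so free_tgt must stay 0 */`. The surrounding loop continues outside the hunk, so any later path that sets free_tgt = 1 without first replacing tgt should be checked against this.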