From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 21 Oct 2016 06:06:18 +0000 (-0400)
Subject: Fix rare leak in krb5_cccol_have_content()
X-Git-Tag: krb5-1.16-beta1~213
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1735f2e74767e56ac3bd75de61d41b8363ec6ce4;p=thirdparty%2Fkrb5.git

Fix rare leak in krb5_cccol_have_content()

If krb5_cc_start_seq_get() fails inside the loop, close the current
credential cache before continuing to the next one.  Reported by Todd
Lipcon.

ticket: 8509
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
---

diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 281f1280c4..c31a3f5f0b 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -255,8 +255,10 @@ krb5_cccol_have_content(krb5_context context)
 
         ret = krb5_cc_start_seq_get(context, cache, &cache_cursor);
         save_first_error(context, ret, &errsave);
-        if (ret)
+        if (ret) {
+            krb5_cc_close(context, cache);
             continue;
+        }
         while (!found) {
             ret = krb5_cc_next_cred(context, cache, &cache_cursor, &creds);
             save_first_error(context, ret, &errsave);