From: Greg Hudson
Date: Mon, 27 Jun 2016 21:49:57 +0000 (-0400)
Subject: Fix leaks on error in krb5 gss_acquire_cred()
X-Git-Tag: krb5-1.13.7-final~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f612b3d1c241efd95cc0d5027e8273218209898;p=thirdparty%2Fkrb5.git
Fix leaks on error in krb5 gss_acquire_cred()
In acquire_cred_context(), when releasing the partially constructed cred on error, make sure to free the password and impersonator fields, and to destroy the ccache if we created it.
(cherry picked from commit ee7315964e52fe351ddb6884e0e8baf1ecce2144)
ticket: 8437
version_fixed: 1.13.7
---
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8bdf7c4177..a8199c57e4 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -836,8 +836,12 @@ krb_error_out:
 error_out:
 if (cred != NULL) {
- if (cred->ccache)
- krb5_cc_close(context, cred->ccache);
+ if (cred->ccache) {
+ if (cred->destroy_ccache)
+ krb5_cc_destroy(context, cred->ccache);
+ else
+ krb5_cc_close(context, cred->ccache);
+ }
 if (cred->client_keytab)
 krb5_kt_close(context, cred->client_keytab);
 #ifndef LEAN_CLIENT
@@ -848,6 +852,8 @@ error_out:
 krb5_rc_close(context, cred->rcache);
 if (cred->name)
 kg_release_name(context, &cred->name);
+ krb5_free_principal(context, cred->impersonator);
+ zapfreestr(cred->password);
 k5_mutex_destroy(&cred->lock);
 xfree(cred);
 }
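Review bot: The new `krb5_cc_destroy()` branch in the first hunk (the `error_out` cleanup) removes the cache from its backing store, so its safety rests entirely on `cred->destroy_ccache` being set only for a cache this call created; where the flag is set is outside the hunk. A comment at the point of deletion would make that invariant visible, for example `/* Destroy only a ccache we created; a caller-supplied cache is just closed. */`. The return value of `krb5_cc_destroy()` is discarded, which seems acceptable on an error path but means a failed destroy could leave the cache behind with no indication. If the normal release path makes the same destroy-or-close choice, a shared static helper would keep the two from drifting apart.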
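Review bot: The two frees added in the second hunk are unconditional, unlike the guarded releases around them such as `if (cred->name)`, so they depend on `krb5_free_principal()` and `zapfreestr()` accepting NULL and on `cred` having been zero-filled at allocation, which happens outside the hunk. Both helpers tolerate NULL as far as I know, so this looks correct, but the mixed style deserves a one-line comment saying the calls are NULL-safe. It is also worth recording why the password is not released with a plain free: `/* password is a cleartext secret: zapfreestr() wipes it before freeing */`. The enclosing cleanup block begins before this hunk.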