From: Tomas Kuthan <tkuthan@gmail.com>
Date: Wed, 2 Apr 2014 15:48:04 +0000 (+0200)
Subject: Fix leak in kadm5_flush with LDAP KDB
X-Git-Tag: krb5-1.13-alpha1~161
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=372e4cb6f5d4a603e6e3157c7b5d354953836136;p=thirdparty%2Fkrb5.git

Fix leak in kadm5_flush with LDAP KDB

Due to an inverted test in adb_policy_init, kadm5_flush calls
krb5_db_open twice.  With the DB2 KDB module, the second open is a
no-op, but with the LDAP module, a new DB handle is allocated and the
old one is leaked.

[ghudson@mit.edu: rewrote commit message]

ticket: 7897 (new)
target_version: 1.12.2
tags: pullup
---

diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index 30a0b5abda..18d047b995 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -38,7 +38,7 @@ kadm5_ret_t
 adb_policy_init(kadm5_server_handle_t handle)
 {
     /* now policy is initialized as part of database. No seperate call needed */
-    if( krb5_db_inited( handle->context ) )
+    if (krb5_db_inited(handle->context) == 0)
         return KADM5_OK;
 
     return krb5_db_open( handle->context, NULL,