From: Greg Hudson Date: Tue, 28 Jun 2016 18:52:31 +0000 (-0400) Subject: Fix krb5_get_init_creds_password() pwchange leak X-Git-Tag: krb5-1.15-beta1~110 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5f7709e1928f1e814c427f2811d9204a167439;p=thirdparty%2Fkrb5.git Fix krb5_get_init_creds_password() pwchange leak When krb5_get_init_creds_password() attempts to change the password, make sure to free code_string along all exit paths. ticket: 8440 (new) target_version: 1.14-next target_version: 1.13-next tags: pullup
---
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 55aa9d6e88..6f3a29f2c4 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -442,6 +442,7 @@ krb5_get_init_creds_password(krb5_context context,
 /* the change succeeded. go on */
 if (result_code == 0) {
+ free(code_string.data);
 free(result_string.data);
 break;
 }
@@ -451,6 +452,7 @@ krb5_get_init_creds_password(krb5_context context,
 ret = KRB5_CHPW_FAIL;
 if (result_code != KRB5_KPASSWD_SOFTERROR) {
+ free(code_string.data);
 free(result_string.data);
 goto cleanup;
 }
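Review bot: Both added `free(code_string.data);` calls (in the `result_code == 0` branch of the first hunk and the `result_code != KRB5_KPASSWD_SOFTERROR` branch of the second) leave `code_string.data` and `result_string.data` pointing at freed memory while control continues past the loop or to `cleanup`. The rest of krb5_get_init_creds_password() lies outside both hunks, so I cannot confirm that nothing later reads or frees these buffers again. Resetting them right after the frees, `code_string.data = NULL;` and `result_string.data = NULL;`, would make a later double free or stale read harmless. The release pair is now repeated on each exit path, which is how this leak arose in the first place; releasing both buffers once at the `cleanup` label, with the structures zero-initialised before the loop, would keep a future exit path from reintroducing it.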