From: sashan <anedvedicky@gmail.com>
Date: Thu, 26 May 2022 06:51:10 +0000 (+0200)
Subject: Fix memory leak in SPAKE kdcpreauth module
X-Git-Tag: krb5-1.21-beta1~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=445e1b32767af3041ffd1823996d05ffec6fc9d5;p=thirdparty%2Fkrb5.git

Fix memory leak in SPAKE kdcpreauth module

Commit ff57dc682a27bd205d715f3c0bed84890f2453c4 introduced a memory
leak into verify_response().  reply_key is no longer passed to the
callback and therefore needs to be freed by this function.

[ghudson@mit.edu: rewrote commit message]

ticket: 9061 (new)
tags: pullup
target_version: 1.20-next
---

diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c
index 687cdc9e0a..1a772d450f 100644
--- a/src/plugins/preauth/spake/spake_kdc.c
+++ b/src/plugins/preauth/spake/spake_kdc.c
@@ -469,6 +469,7 @@ cleanup:
     zapfree(spakeresult.data, spakeresult.length);
     krb5_free_data_contents(context, &thash);
     krb5_free_keyblock(context, k1);
+    krb5_free_keyblock(context, reply_key);
     k5_free_spake_factor(context, factor);
     (*respond)(arg, ret, NULL, NULL, NULL);
 }