From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 10 Oct 2016 13:53:26 +0000 (+0200)
Subject: HEIMDAL:lib/krb5: destroy a memory ccache on reinit
X-Git-Tag: samba-4.3.12~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=532fd56b3f16e72ea0f088f4cdfc03d23aa43435;p=thirdparty%2Fsamba.git

HEIMDAL:lib/krb5: destroy a memory ccache on reinit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113)
---

diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
index e4b90c17e7b..dc79b874171 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
     return 0;
 }
 
+static void KRB5_CALLCONV
+mcc_destroy_internal(krb5_context context,
+		     krb5_mcache *m)
+{
+    struct link *l;
+
+    if (m->primary_principal != NULL) {
+	krb5_free_principal (context, m->primary_principal);
+	m->primary_principal = NULL;
+    }
+    m->dead = 1;
+
+    l = m->creds;
+    while (l != NULL) {
+	struct link *old;
+
+	krb5_free_cred_contents (context, &l->cred);
+	old = l;
+	l = l->next;
+	free (old);
+    }
+
+    m->creds = NULL;
+    return;
+}
+
 static krb5_error_code KRB5_CALLCONV
 mcc_initialize(krb5_context context,
 	       krb5_ccache id,
 	       krb5_principal primary_principal)
 {
     krb5_mcache *m = MCACHE(id);
+    /*
+     * It's important to destroy any existing
+     * creds here, that matches the baheviour
+     * of all other backends and also the
+     * MEMORY: backend in MIT.
+     */
+    mcc_destroy_internal(context, m);
     m->dead = 0;
+    m->kdc_offset = 0;
     m->mtime = time(NULL);
     return krb5_copy_principal (context,
 				primary_principal,
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context,
 	    krb5_ccache id)
 {
     krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
 
     if (m->refcnt == 0)
 	krb5_abortx(context, "mcc_destroy: refcnt already 0");
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context,
 	    }
 	}
 	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	if (m->primary_principal != NULL) {
-	    krb5_free_principal (context, m->primary_principal);
-	    m->primary_principal = NULL;
-	}
-	m->dead = 1;
-
-	l = m->creds;
-	while (l != NULL) {
-	    struct link *old;
-
-	    krb5_free_cred_contents (context, &l->cred);
-	    old = l;
-	    l = l->next;
-	    free (old);
-	}
-	m->creds = NULL;
+	mcc_destroy_internal(context, m);
     }
     return 0;
 }