From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 20 Oct 2014 17:19:26 +0000 (-0400)
Subject: Fix cursor leak in krb5_verify_init_creds
X-Git-Tag: krb5-1.12.3-final~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cd2e47e3f114eb3e05123fc2fca59a998cb43e5;p=thirdparty%2Fkrb5.git

Fix cursor leak in krb5_verify_init_creds

In copy_creds_except, call krb5_cc_end_seq_get so we don't leak the
ccache cursor.

(cherry picked from commit 62894f854daa8251554376b6b6810fd0e9fecb7f)

ticket: 8133 (new)
version_fixed: 1.12.3
status: resolved
---

diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 4833992352..8ceab7d8a9 100644
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -56,7 +56,7 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
                   krb5_ccache outcc, krb5_principal princ)
 {
     krb5_error_code ret, ret2;
-    krb5_cc_cursor cur;
+    krb5_cc_cursor cur = NULL;
     krb5_creds creds;
 
     /* Turn off TC_OPENCLOSE on input ccache. */
@@ -79,9 +79,13 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
 
     if (ret != KRB5_CC_END)
         goto cleanup;
-    ret = 0;
+
+    ret = krb5_cc_end_seq_get(context, incc, &cur);
+    cur = NULL;
 
 cleanup:
+    if (cur != NULL)
+        (void)krb5_cc_end_seq_get(context, incc, &cur);
     ret2 = krb5_cc_set_flags(context, incc, KRB5_TC_OPENCLOSE);
     return (ret == 0) ? ret2 : ret;
 }