From: Arjun <pkillarjun@protonmail.com>
Date: Thu, 10 Oct 2024 19:25:59 +0000 (+0530)
Subject: Fix memory leak in PAC checksum verification
X-Git-Tag: krb5-1.22-beta1~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c03ac354436a7182962b4987d318a86cb7ac558b;p=thirdparty%2Fkrb5.git

Fix memory leak in PAC checksum verification

If the server checksum length is invalid, do proper cleanup in
verify_pac_checksums() before returning.

[ghudson@mit.edu: edited commit message]

ticket: 9143 (new)
tags: pullup
target_version: 1.21-next
---

diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 5d1fdf1ba0..77adcd2726 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,
         ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
                                    &server_checksum);
         if (ret)
-            return ret;
-        if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
-            return KRB5_BAD_MSIZE;
+            goto cleanup;
+        if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {
+            ret = KRB5_BAD_MSIZE;
+            goto cleanup;
+        }
         server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
         server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;