From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 22 Sep 2016 06:21:39 +0000 (-0400)
Subject: Fix unlikely leak in KDC AS-REQ error path
X-Git-Tag: krb5-1.15-beta1~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F542%2Fhead;p=thirdparty%2Fkrb5.git

Fix unlikely leak in KDC AS-REQ error path

In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data
was supplied, the FAST cookie and a shallow copy of the error padata
can be leaked.  Reported by Will Fiveash.

ticket: 8498
target_version: 1.14-next
tags: pullup
---

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 5440949332..712ccb7946 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -859,7 +859,7 @@ prepare_error_as(struct kdc_request_state *rstate, krb5_kdc_req *request,
 
     retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
     if (retval)
-        return retval;
+        goto cleanup;
     errpkt.error = error;
     errpkt.server = request->server;
     errpkt.client = (error == KDC_ERR_WRONG_REALM) ? canon_client :