From 40d61fe580a57d63987c4e2b8eecd9f0ed1f1189 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 9 Jul 2013 17:20:27 -0400 Subject: [PATCH] Don't leak the reply key's memory during PKINIT --- src/plugins/preauth/pkinit/pkinit_clnt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index ff564ff86b..5db24dad37 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -1130,8 +1130,10 @@ pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata, retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request, in_padata, enctype, &as_key, encoded_previous_request); - if (retval == 0) + if (retval == 0) { retval = cb->set_as_key(context, rock, &as_key); + krb5_free_keyblock_contents(context, &as_key); + } } pkiDebug("pkinit_client_process: returning %d (%s)\n", -- 2.47.2