From 597f18953367bbc246fbb0222355a7a94ffff6b4 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 25 Oct 2018 12:21:45 -0400 Subject: [PATCH] Fix minor leak in kadmind password change dispatch In the unlikely event that kadmind cannot resolve the KDB keytab in schpw.c:dispatch(), don't leak the error message. Reported by Bean Zhang. --- src/kadmin/server/schpw.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 491cba91aa..f7dea39961 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -438,11 +438,14 @@ dispatch(void *handle, const krb5_fulladdr *local_addr, krb5_keytab kt = NULL; kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; krb5_data *response = NULL; + const char *emsg; ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt); if (ret != 0) { + emsg = krb5_get_error_message(server_handle->context, ret); krb5_klog_syslog(LOG_ERR, _("chpw: Couldn't open admin keytab %s"), - krb5_get_error_message(server_handle->context, ret)); + emsg); + krb5_free_error_message(server_handle->context, emsg); goto egress; } -- 2.47.2