From 8d852c577039d59e1bea383e4ddfe575c20f240d Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Thu, 22 Sep 2016 02:21:39 -0400
Subject: [PATCH] Fix unlikely leak in KDC AS-REQ error path

In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data was supplied, the FAST cookie and a shallow copy of the error padata can be leaked. Reported by Will Fiveash.
ticket: 8498
target_version: 1.14-next
tags: pullup
---
 src/kdc/do_as_req.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 5440949332..712ccb7946 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -859,7 +859,7 @@ prepare_error_as(struct kdc_request_state *rstate, krb5_kdc_req *request,
 retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
 if (retval)
- return retval;
+ goto cleanup;
 errpkt.error = error;
 errpkt.server = request->server;
 errpkt.client = (error == KDC_ERR_WRONG_REALM) ? canon_client :
-- 
2.47.2
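Review bot: The new `goto cleanup;` under `if (retval)` jumps to a label outside this hunk, so the patch alone does not show that everything released there is in a defined state at this early exit. prepare_error_as() starts and ends outside the hunk. It is worth confirming that every pointer the cleanup block frees is initialized to NULL at its declaration, because a jump taken before later assignments would otherwise trade the leak for a free of an indeterminate pointer. This branch sits in AS-REQ error handling, which presumably runs for requests that have not yet been authenticated, so a short comment would help keep the early return from being restored later, for example `/* FAST cookie and error padata copy may already be allocated; exit via cleanup */`.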