From 8b3e207bfe7fca287885ec47116d17784fa7e726 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Fri, 2 Dec 2016 11:10:52 -0500
Subject: [PATCH] Improve cleanup in krb5_rc_io_fetch()
In the error cleanup for krb5_rc_io_fetch(), null out rep->msghash after freeing it, like we do with rep->client and rep->server. This omission is currently harmless because krb5_rc_io_fetch() never sets rep->msghash before failing, but it could result in a double-free or use after free if the code changes.
---
 src/lib/krb5/rcache/rc_dfl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index c4d2c744da..80c22ae2df 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -517,7 +517,7 @@ errout:
 free(rep->server);
 if (rep->msghash)
 free(rep->msghash);
- rep->client = rep->server = 0;
+ rep->client = rep->server = rep->msghash = NULL;
 return retval;
 }
--
2.47.2
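Review bot: The `errout:` block still frees and resets rep's allocated members one by one, and nothing at the label states that every such member must be both freed and set to NULL, which is presumably how msghash came to be left out of the reset. A short comment above the frees would make the invariant explicit for whoever adds the next field, for example `/* On failure, free and NULL every allocated field of rep so later cleanup cannot double-free. */`. The `if (rep->msghash)` guard before `free(rep->msghash);` is also redundant, since free(NULL) is a no-op. The body of krb5_rc_io_fetch() starts outside this hunk, so whether other members of rep need the same treatment cannot be confirmed from here.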