From 635c8cca65b745476d07c1f5ff701445db25c10d Mon Sep 17 00:00:00 2001
From: Ilya Gladyshev
Date: Wed, 30 Aug 2023 21:19:59 +0100
Subject: [PATCH] Fix krb5_cccol_have_content() bad pointer free

krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop, and frees the resulting principal on success or failure. Set princ to null before each call to ensure we don't free a dangling pointer.
[ghudson@mit.edu: rewrote commit message; moved assignment for greater clarity]
ticket: 9103
tags: pullup
target_version: 1.21-next
target_version: 1.20-next
---
 src/lib/krb5/ccache/cccursor.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 4bcb66b712..926873f2a2 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context)
 save_first_error(context, ret, &errsave);
 if (ret || cache == NULL)
 break;
+ princ = NULL;
 ret = krb5_cc_get_principal(context, cache, &princ);
 save_first_error(context, ret, &errsave);
 if (!ret)
--
2.47.2
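Review bot: The added `princ = NULL;` ahead of the `krb5_cc_get_principal()` call carries no comment, so it reads like a redundant store that a later cleanup could delete, bringing back the free of the previous iteration's already-released pointer. I would put `/* Reset each pass: princ is freed below even when krb5_cc_get_principal() fails and leaves it unset. */` directly above it. The loop header, the declaration of `princ` and the free all lie outside this hunk, so this rests on the commit message's description; if other callers also free the output after a failed lookup, having `krb5_cc_get_principal()` clear `*princ` on entry would probably be the more durable fix. The diffstat shows no test change, and a regression case in which a later cache in the collection fails the principal lookup, run under ASan or valgrind, would pin the behaviour for the 1.20 and 1.21 pullups.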