[PATCH] heimdal: Fix CID 1273430 Double free

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Mar 5 13:33:14 MST 2015


Hi!

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From f5171f9564c4f202396fcd576541e00ce05db3ea Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 5 Mar 2015 21:17:31 +0100
Subject: [PATCH] heimdal: Fix CID 1273430 Double free

I think Coverity is right here: Before the preceding call to
krb5_make_principal we already krb5_free_principal(ctx, tmp_creds.server)
without wiping out tmp_creds.server. The call to krb5_make_principal only
stores something fresh when it also returns 0 a.k.a. success.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/heimdal/lib/krb5/get_cred.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 51550da..29ab6ea 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -837,11 +837,10 @@ get_cred_kdc_capath_worker(krb5_context context,
 	    break;
 	krb5_free_principal(context, tmp_creds.server);
 	ret = krb5_make_principal(context, &tmp_creds.server,
 				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
 	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
 	    krb5_free_principal(context, tmp_creds.client);
 	    return ret;
 	}
 	ret = krb5_free_creds(context, tgt);
 	if(ret) {
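Review bot: tmp_creds.server still holds the freed pointer after the krb5_free_principal(context, tmp_creds.server) call that precedes krb5_make_principal, so the error branch is only safe as long as krb5_make_principal leaves its output argument untouched on failure, as the commit message states. Consider adding tmp_creds.server = NULL; directly after that free. The failure return would then no longer carry a dangling pointer, and dropping the second free would stay correct even if the callee's behaviour on error changes or a later cleanup path frees tmp_creds.server again. A short comment on the if(ret) branch saying that the server principal has already been released would also help keep the removed line from being reintroduced as an apparent leak fix.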
-- 
1.9.1


