aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorConrad Meyer <cem@FreeBSD.org>2016-05-11 23:25:59 +0000
committerConrad Meyer <cem@FreeBSD.org>2016-05-11 23:25:59 +0000
commitf74fc686705c09ec2f724831028c923f623fd880 (patch)
tree8b7981a88f131877ee1ba34c4d4047f36225b0e6 /crypto
parentfe4be618c9f23b74a9437488c4d28ff489529a8f (diff)
downloadsrc-f74fc686705c09ec2f724831028c923f623fd880.tar.gz
src-f74fc686705c09ec2f724831028c923f623fd880.zip
libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing. Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division
Notes
Notes: svn path=/head/; revision=299495
Diffstat (limited to 'crypto')
-rw-r--r--crypto/heimdal/lib/krb5/get_cred.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
index e3bb23a2e9d7..9914fe4246d6 100644
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@@ -831,6 +831,7 @@ get_cred_kdc_capath_worker(krb5_context context,
if(strcmp(tgt_inst, server_realm) == 0)
break;
krb5_free_principal(context, tmp_creds.server);
+ tmp_creds.server = NULL;
ret = krb5_make_principal(context, &tmp_creds.server,
tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
if(ret) {