Skip to content

Commit

Permalink
gss/krb5: gsskrb5_acceptor_start authenticator leak (take two)
Browse files Browse the repository at this point in the history 
Change-Id: I11be62ab806ea89258fe60e29e6d6488908070fa
  • Loading branch information
@jaltman
jaltman committed Nov 20, 2016
1 parent 2be6646 commit d9f7718
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions lib/gssapi/krb5/accept_sec_context.c
View file
Expand Up @@ -537,8 +537,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
&ctx->flags,
&ctx->fwd_data);

krb5_free_authenticator(context, &authenticator);
if (ret) {
krb5_free_authenticator(context, &authenticator);
return ret;
}
} else {
Expand All @@ -548,9 +548,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
kret = krb5_crypto_init(context,
ctx->auth_context->keyblock,
0, &crypto);
if(kret) {
if (kret) {
krb5_free_authenticator(context, &authenticator);

ret = GSS_S_FAILURE;
*minor_status = kret;
return ret;
Expand All @@ -564,10 +563,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
kret = krb5_verify_checksum(context,
crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
authenticator->cksum);
krb5_free_authenticator(context, &authenticator);
krb5_crypto_destroy(context, crypto);

if(kret) {
if (kret) {
krb5_free_authenticator(context, &authenticator);
ret = GSS_S_BAD_SIG;
*minor_status = kret;
return ret;
Expand Down

0 comments on commit d9f7718

Please sign in to comment.