Fix rare leak in krb5_cccol_have_content()

If krb5_cc_start_seq_get() fails inside the loop, close the current credential cache before continuing to the next one. Reported by Todd Lipcon. (cherry picked from commit 1735f2e) ticket: 8509 version_fixed: 1.15
krb5 · Oct 24, 2016 · 3bb6e66 · 3bb6e66
1 parent f94a9e9
commit 3bb6e66
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
@@ -255,8 +255,10 @@ krb5_cccol_have_content(krb5_context context)
 
         ret = krb5_cc_start_seq_get(context, cache, &cache_cursor);
         save_first_error(context, ret, &errsave);
-        if (ret)
+        if (ret) {
+            krb5_cc_close(context, cache);
             continue;
+        }
         while (!found) {
             ret = krb5_cc_next_cred(context, cache, &cache_cursor, &creds);
             save_first_error(context, ret, &errsave);