Fix unlikely null dereference in mk_cred()

If krb5_encrypt_keyhelper() returns an error, the ciphertext structure may contain a non-zero length, but it will already have freed the pointer to its data, making encrypt_credencpart()'s subsequent attempt to clear and free the memory fail. Remove that logic. Based on a patch from Jatin Nansi. (cherry picked from commit 476284d) ticket: 7948 version_fixed: 1.12.2 status: resolved
krb5 · Jun 27, 2014 · e5bb07c · e5bb07c
1 parent 62c9e50
commit e5bb07c
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
@@ -49,13 +49,6 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
                                   KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch,
                                   pencdata);
 
-    if (retval) {
-        memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
-        free(pencdata->ciphertext.data);
-        pencdata->ciphertext.length = 0;
-        pencdata->ciphertext.data = 0;
-    }
-
     memset(scratch->data, 0, scratch->length);
     krb5_free_data(context, scratch);