git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 87b7a7d)
heimdal: Fix CID 1273430 Double free
authorVolker Lendecke <vl@samba.org>
Thu, 5 Mar 2015 20:17:31 +0000 (21:17 +0100)
committerDavid Disseldorp <ddiss@samba.org>
Fri, 6 Mar 2015 16:38:09 +0000 (17:38 +0100)
I think Coverity is right here: Before the preceding call to
krb5_make_principal we already krb5_free_principal(ctx, tmp_creds.server)
without wiping out tmp_creds.server. The call to krb5_make_principal only
stores something fresh when it also returns 0 a.k.a. success.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Mar  6 17:38:09 CET 2015 on sn-devel-104

source4/heimdal/lib/krb5/get_cred.c patch | blob | history

diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 51550daa4ceabd6ba4cd9371ac141020193eef1c..29ab6eaaa76196e9ae409b349b9aa5291b195079 100644 (file)
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -839,7 +839,6 @@ get_cred_kdc_capath_worker(krb5_context context,
        ret = krb5_make_principal(context, &tmp_creds.server,
                                  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
        if(ret) {
-           krb5_free_principal(context, tmp_creds.server);
            krb5_free_principal(context, tmp_creds.client);
            return ret;
        }
Samba Shared Repository