use-after-free bugs

Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2008-06-27 03:33:14 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2008-06-27 03:33:14 +0000
commit: 67828247e3af6b7c58ebc7bae9bb3479f2cb86a5 (patch)
tree: b86d5baa8334b6703acf4913f1e18a4ae9a7d5c1 /src/lib/krb5/krb
parent: f468121a1abec8c33d38712723f174a73229e68d (diff)
download: krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.tar.gz
krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.tar.xz
krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index cb44647178..3479aa29ef 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -183,8 +183,8 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
 
     if ((pcred->tickets 
       = (krb5_ticket **)malloc(sizeof(krb5_ticket *) * (ncred + 1))) == NULL) {
-	retval = ENOMEM;
 	free(pcred);
+	return ENOMEM;
     }
     memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
author	Ken Raeburn <raeburn@mit.edu>	2008-06-27 03:33:14 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2008-06-27 03:33:14 +0000
commit	67828247e3af6b7c58ebc7bae9bb3479f2cb86a5 (patch)
tree	b86d5baa8334b6703acf4913f1e18a4ae9a7d5c1 /src/lib/krb5/krb
parent	f468121a1abec8c33d38712723f174a73229e68d (diff)
download	krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.tar.gz krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.tar.xz krb5-67828247e3af6b7c58ebc7bae9bb3479f2cb86a5.zip