diff options
author | Ezra Peisach <epeisach@mit.edu> | 2006-12-30 06:05:12 +0000 |
---|---|---|
committer | Ezra Peisach <epeisach@mit.edu> | 2006-12-30 06:05:12 +0000 |
commit | a2682e413397c05bc681b84e138ea8062f3031ba (patch) | |
tree | a6195893033b26645a5a9889ce4010c1ce77acff /src/lib | |
parent | d21b1d542e1b70d3b510eda4e6dd78b88f285dce (diff) | |
download | krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.gz krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.xz krb5-a2682e413397c05bc681b84e138ea8062f3031ba.zip |
memory leak if defective header present in gss_krb5int_unseal_token_v3
If after unsealing the message, the TOK_ID is not 05 04, free memory
before returning a defective token error.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/gssapi/krb5/k5sealv3.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c index c5628e2c28..d83ac8593c 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c @@ -412,8 +412,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, if (load_16_be(althdr) != 0x0504 || althdr[2] != ptr[2] || althdr[3] != ptr[3] - || memcmp(althdr+8, ptr+8, 8)) + || memcmp(althdr+8, ptr+8, 8)) { + free(plain.data); goto defective; + } message_buffer->value = plain.data; message_buffer->length = plain.length - ec - 16; } else { |