memory leak if defective header present in gss_krb5int_unseal_token_v3

If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
author: Ezra Peisach <epeisach@mit.edu> 2006-12-30 06:05:12 +0000
committer: Ezra Peisach <epeisach@mit.edu> 2006-12-30 06:05:12 +0000
commit: a2682e413397c05bc681b84e138ea8062f3031ba (patch)
tree: a6195893033b26645a5a9889ce4010c1ce77acff /src/lib
parent: d21b1d542e1b70d3b510eda4e6dd78b88f285dce (diff)
download: krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.gz
krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.xz
krb5-a2682e413397c05bc681b84e138ea8062f3031ba.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index c5628e2c28..d83ac8593c 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -412,8 +412,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 	    if (load_16_be(althdr) != 0x0504
 		|| althdr[2] != ptr[2]
 		|| althdr[3] != ptr[3]
-		|| memcmp(althdr+8, ptr+8, 8))
+		|| memcmp(althdr+8, ptr+8, 8)) {
+		free(plain.data);
 		goto defective;
+	    }
 	    message_buffer->value = plain.data;
 	    message_buffer->length = plain.length - ec - 16;
 	} else {
author	Ezra Peisach <epeisach@mit.edu>	2006-12-30 06:05:12 +0000
committer	Ezra Peisach <epeisach@mit.edu>	2006-12-30 06:05:12 +0000
commit	a2682e413397c05bc681b84e138ea8062f3031ba (patch)
tree	a6195893033b26645a5a9889ce4010c1ce77acff /src/lib
parent	d21b1d542e1b70d3b510eda4e6dd78b88f285dce (diff)
download	krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.gz krb5-a2682e413397c05bc681b84e138ea8062f3031ba.tar.xz krb5-a2682e413397c05bc681b84e138ea8062f3031ba.zip