From 67828247e3af6b7c58ebc7bae9bb3479f2cb86a5 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 27 Jun 2008 03:33:14 +0000
Subject: use-after-free bugs

Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/mk_cred.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index cb4464717..3479aa29e 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -183,8 +183,8 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
 
     if ((pcred->tickets 
       = (krb5_ticket **)malloc(sizeof(krb5_ticket *) * (ncred + 1))) == NULL) {
-	retval = ENOMEM;
 	free(pcred);
+	return ENOMEM;
     }
     memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
 
-- 
cgit