libkrb5: Fix potential double-free

If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing. Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division
svn path=/head/; revision=299495
2024-11-14 06:12:01 +01:00 · 2016-05-11 23:25:59 +00:00 · 2016-05-11 23:25:59 +00:00 · f74fc68670 · 2020-12-20 02:59:44 +00:00
commit f74fc68670
parent fe4be618c9
1 changed files with 1 additions and 0 deletions
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@ -831,6 +831,7 @@ get_cred_kdc_capath_worker(krb5_context context,
 	if(strcmp(tgt_inst, server_realm) == 0)
 	    break;
 	krb5_free_principal(context, tmp_creds.server);
+	tmp_creds.server = NULL;
 	ret = krb5_make_principal(context, &tmp_creds.server,
 				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
 	if(ret) {