KDC memory leak of reply padata for FAST replies
author Greg Hudson <ghudson@mit.edu>
Thu, 17 Mar 2011 22:10:44 +0000 (22:10 +0000)
committer Greg Hudson <ghudson@mit.edu>
Thu, 17 Mar 2011 22:10:44 +0000 (22:10 +0000)
kdc_fast_response_handle_padata() replaces rep->padata, causing the
old value to be leaked.  As a minimal fix, free the old value of
rep->padata before replacing it.

ticket: 6885
target_version: 1.9.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/fast_util.c

index bc5a77bfad6ba71cff9ee8244b4628e9ebbf133d..65e4600b333078ac4710bc5297fd1717a94022db 100644 (file)
@@ -338,6 +338,7 @@ kdc_fast_response_handle_padata(struct kdc_request_state *state,
         pa[0].length = encrypted_reply->length;
         pa[0].contents = (unsigned char *)  encrypted_reply->data;
         pa_array[0] = &pa[0];
+        krb5_free_pa_data(kdc_context, rep->padata);
         rep->padata = pa_array;
         pa_array = NULL;
         free(encrypted_reply);
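
Review bot: the added krb5_free_pa_data(kdc_context, rep->padata) call releases the old list and its elements unconditionally, so please confirm that no caller of kdc_fast_response_handle_padata() keeps its own pointer to that list and frees or reads it afterwards, since that would turn the leak into a double free or use-after-free. A one-line comment above the call stating that ownership of the previous rep->padata passes to this function at this point would make the contract explicit. It would also help to note there that the old padata has already been consumed into encrypted_reply by the time it is freed, because the visible lines only show the replacement and not where the old contents were last used.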