projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac438e1)
fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()
authorTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 05:01:07 +0000 (05:01 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 05:01:07 +0000 (05:01 +0000)
ticket: 5856
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20180 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/k5sealv3.c patch | blob | history

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index 019f668c8c679489fef06d84959feb25a43d882b..c8a168a17ae7e12eb8cefb6b5ae0f2651d915d46 100644 (file)
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
        plain.data = 0;
        if (err) {
            zap(outbuf,bufsize);
-           free(outbuf);
            goto error;
        }
        if (sum.length != ctx->cksum_size)
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.