From: Tom Yu <tlyu@mit.edu>
Date: Tue, 23 Feb 2010 00:25:54 +0000 (+0000)
Subject: pull up r23735 from trunk
X-Git-Tag: krb5-1.8-beta2~4
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=01c6f93d0364b778391dd64bfbdfa1abab5d11a4;p=krb5.git

pull up r23735 from trunk

 ------------------------------------------------------------------------
 r23735 | ghudson | 2010-02-18 13:49:11 -0500 (Thu, 18 Feb 2010) | 8 lines

 ticket: 6659
 target_version: 1.8
 tags: pullup

 The TGS code was not freeing authdata.  This is an old leak which was
 made more evident in 1.8 by the addition of ad-signedpath authdata
 appearing in most tickets issued through the TGS path.

ticket: 6659
version_fixed: 1.8
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23747 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 44b5791bc..f80827690 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -136,6 +136,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
 
     reply.padata = 0; /* For cleanup handler */
     reply_encpart.enc_padata = 0;
+    enc_tkt_reply.authorization_data = NULL;
     e_data.data = NULL;
 
     session_key.contents = NULL;
@@ -726,8 +727,6 @@ tgt_again:
         }
     }
 
-    enc_tkt_reply.authorization_data = NULL;
-
     if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
         !isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
         enc_tkt_reply.client = s4u_x509_user->user_id.user;
@@ -1045,6 +1044,8 @@ cleanup:
         krb5_free_pa_data(kdc_context, reply.padata);
     if (reply_encpart.enc_padata)
         krb5_free_pa_data(kdc_context, reply_encpart.enc_padata);
+    if (enc_tkt_reply.authorization_data != NULL)
+        krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
     krb5_free_data_contents(kdc_context, &e_data);
 
     return retval;