From: Ezra Peisach Date: Sat, 30 Dec 2006 06:05:12 +0000 (+0000) Subject: memory leak if defective header present in gss_krb5int_unseal_token_v3 X-Git-Tag: krb5-1.7-alpha1~1379 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a2682e413397c05bc681b84e138ea8062f3031ba;p=krb5.git memory leak if defective header present in gss_krb5int_unseal_token_v3 If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index c5628e2c2..d83ac8593 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -412,8 +412,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 if (load_16_be(althdr) != 0x0504
 || althdr[2] != ptr[2]
 || althdr[3] != ptr[3]
- || memcmp(althdr+8, ptr+8, 8))
+ || memcmp(althdr+8, ptr+8, 8)) {
+ free(plain.data);
 goto defective;
+ }
 message_buffer->value = plain.data;
 message_buffer->length = plain.length - ec - 16;
 } else {
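Review bot: The guard that now frees `plain.data` checks the TOK_ID, the flag and filler bytes and the sequence number, but nothing in the hunk bounds `ec` before `message_buffer->length = plain.length - ec - 16;` two lines later. If `ec` is taken from the token and these lengths are unsigned (neither is visible here), a value larger than `plain.length - 16` would wrap and hand the caller an oversized length for a small buffer. Unless it is already validated earlier in the function, I would add `if (ec + 16 > plain.length) { free(plain.data); goto defective; }` after the header comparison. Separately, going by the commit description the buffer freed on the new path holds the unsealed message, so clearing `plain.length` bytes with a zeroing call the compiler cannot elide before `free(plain.data);` would keep rejected plaintext out of the heap. The function body and the `defective` label lie outside this hunk, so it is worth confirming that the cleanup there does not touch `plain.data` again.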