From a2682e413397c05bc681b84e138ea8062f3031ba Mon Sep 17 00:00:00 2001
From: Ezra Peisach <epeisach@mit.edu>
Date: Sat, 30 Dec 2006 06:05:12 +0000
Subject: [PATCH] memory leak if defective header present in
 gss_krb5int_unseal_token_v3

If after unsealing the message, the TOK_ID is not 05 04, free memory
before returning a defective token error.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/k5sealv3.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index c5628e2c2..d83ac8593 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -412,8 +412,10 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 	    if (load_16_be(althdr) != 0x0504
 		|| althdr[2] != ptr[2]
 		|| althdr[3] != ptr[3]
-		|| memcmp(althdr+8, ptr+8, 8))
+		|| memcmp(althdr+8, ptr+8, 8)) {
+		free(plain.data);
 		goto defective;
+	    }
 	    message_buffer->value = plain.data;
 	    message_buffer->length = plain.length - ec - 16;
 	} else {
-- 
2.26.2