03254981cb
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
commit decccbcb5075f8fbc28a535a9b337afc84a15dee
|
|
Author: Greg Hudson <ghudson@mit.edu>
|
|
Date: Mon Dec 16 15:37:56 2013 -0500
|
|
|
|
Fix GSS krb5 acceptor acquire_cred error handling
|
|
|
|
When acquiring acceptor creds with a specified name, if we fail to
|
|
open a replay cache, we leak the keytab handle. If there is no
|
|
specified name and we discover that there is no content in the keytab,
|
|
we leak the keytab handle and return the wrong major code. Memory
|
|
leak reported by Andrea Campi.
|
|
|
|
ticket: 7805
|
|
target_version: 1.12.1
|
|
tags: pullup
|
|
|
|
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
|
|
index 0efcad4..9547207 100644
|
|
--- a/src/lib/gssapi/krb5/acquire_cred.c
|
|
+++ b/src/lib/gssapi/krb5/acquire_cred.c
|
|
@@ -225,6 +225,7 @@ acquire_accept_cred(krb5_context context,
|
|
code = krb5_get_server_rcache(context, &cred->name->princ->data[0],
|
|
&cred->rcache);
|
|
if (code) {
|
|
+ krb5_kt_close(context, kt);
|
|
*minor_status = code;
|
|
return GSS_S_FAILURE;
|
|
}
|
|
@@ -232,8 +233,9 @@ acquire_accept_cred(krb5_context context,
|
|
/* Make sure we have a keytab with keys in it. */
|
|
code = krb5_kt_have_content(context, kt);
|
|
if (code) {
|
|
+ krb5_kt_close(context, kt);
|
|
*minor_status = code;
|
|
- return GSS_S_FAILURE;
|
|
+ return GSS_S_CRED_UNAVAIL;
|
|
}
|
|
}
|
|
|