Fix defcred leak in krb5 gss_inquire_cred()
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory
management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path. The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.
Reported by Pavel Březina.
(a minimal alternative to commit 593e16448e1af23eef74689afe06a7bcc86e79c7)
ticket: 9016
version_fixed: 1.18.4
(cherry picked from commit b92be484630b38e26f5ee4bd67973fbd7627009c)
Greg Hudson authored 2 years ago
Sam Hartman committed 2 years ago
| 196 | 196 | mechs = GSS_C_NO_OID_SET; |
| 197 | 197 | } |
| 198 | 198 | |
| 199 | if (cred_handle == GSS_C_NO_CREDENTIAL) | |
| 200 | krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); | |
| 201 | ||
| 199 | krb5_gss_release_cred(minor_status, &defcred); | |
| 202 | 200 | krb5_free_context(context); |
| 203 | 201 | *minor_status = 0; |
| 204 | 202 | return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE); |