diff options
author | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-18 16:52:45 -0500 |
---|---|---|
committer | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-24 18:13:15 -0500 |
commit | c7544084565dcee8dd18b2a4d99c594253c656b7 (patch) | |
tree | 34291d6c1bf2a8d62966a8d5c6536ec3fee75150 | |
parent | 170736db76139ed9fff9dbf70a55d4ba4f25d9bd (diff) |
ZCheckSrvAuthentication: fix auth context leak
Fix a leak in which we fail to free a Kerberos authentication context
in ZCheckSrvAuthentication if getting or setting the context flags fails.
-rw-r--r-- | server/kstuff.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/server/kstuff.c b/server/kstuff.c index 38c7a6c..290a1e4 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -330,8 +330,10 @@ ZCheckSrvAuthentication(ZNotice_t *notice, return ZAUTH_FAILED; } + /* HOLDING: authbuf, keytabid, authctx */ result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags); if (result) { + krb5_auth_con_free(Z_krb5_ctx, authctx); krb5_kt_close(Z_krb5_ctx, keytabid); free(authbuf); syslog(LOG_DEBUG, "ZCheckSrvAuthentication: krb5_auth_con_getflags: %s", error_message(result)); @@ -342,13 +344,13 @@ ZCheckSrvAuthentication(ZNotice_t *notice, result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags); if (result) { + krb5_auth_con_free(Z_krb5_ctx, authctx); krb5_kt_close(Z_krb5_ctx, keytabid); free(authbuf); syslog(LOG_DEBUG, "ZCheckSrvAuthentication: krb5_auth_con_setflags: %s", error_message(result)); return ZAUTH_FAILED; } - /* HOLDING: authbuf, authctx */ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm), __Zephyr_realm, SERVER_SERVICE, SERVER_INSTANCE, NULL); @@ -359,6 +361,7 @@ ZCheckSrvAuthentication(ZNotice_t *notice, } krb5_kt_close(Z_krb5_ctx, keytabid); + /* HOLDING: authbuf, authctx */ if (result) { if (result == KRB5KRB_AP_ERR_REPEAT) syslog(LOG_DEBUG, "ZCheckSrvAuthentication: k5 auth failed: %s", |