Most places that call krb5_init_context() abort cleanly on failure.
However these two then try to free the non-existent context, which
doesn't end well.
Signed-off-by: NeilBrown <neilb@xxxxxxx>
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index aeb8f70..4befa72 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1212,9 +1212,9 @@ gssd_destroy_krb5_machine_creds(void)
"cache '%s'\n", k5err, ple->ccname);
}
}
+ krb5_free_context(context);
out:
free(k5err);
- krb5_free_context(context);
}
/*
@@ -1257,7 +1257,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
k5err = gssd_k5_err_msg(context, code);
printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
__func__, k5err, keytabfile);
- goto out;
+ goto out_free_context;
}
if (ple == NULL) {
@@ -1272,7 +1272,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
"in keytab %s for connection with host %s\n",
__FUNCTION__, keytabfile, hostname);
retval = code;
- goto out;
+ goto out_free_kt;
}
ple = get_ple_by_princ(context, kte.principal);
@@ -1288,14 +1288,15 @@ gssd_refresh_krb5_machine_credential(char *hostname,
__FUNCTION__, pname ? pname : "<unparsable>",
hostname);
if (pname) k5_free_unparsed_name(context, pname);
- goto out;
+ goto out_free_kt;
}
}
retval = gssd_get_single_krb5_cred(context, kt, ple, 0);
-out:
- if (kt)
- krb5_kt_close(context, kt);
+out_free_kt:
+ krb5_kt_close(context, kt);
+out_free_context:
krb5_free_context(context);
+out:
free(k5err);
return retval;
}
Attachment:
signature.asc
Description: PGP signature
