krb5/backport-Fix-memory-leak-in-PAC-checksum-verification.patch

From c03ac354436a7182962b4987d318a86cb7ac558b Mon Sep 17 00:00:00 2001
From: Arjun <pkillarjun@protonmail.com>
Date: Fri, 11 Oct 2024 00:55:59 +0530
Subject: [PATCH] Fix memory leak in PAC checksum verification

If the server checksum length is invalid, do proper cleanup in
verify_pac_checksums() before returning.

[ghudson@mit.edu: edited commit message]

ticket: 9143 (new)
tags: pullup
target_version: 1.21-next
---
 src/lib/krb5/krb/pac.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 5d1fdf1..77adcd2 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,
         ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
                                    &server_checksum);
         if (ret)
-            return ret;
-        if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
-            return KRB5_BAD_MSIZE;
+            goto cleanup;
+        if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {
+            ret = KRB5_BAD_MSIZE;
+            goto cleanup;
+        }
         server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
         server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
 
-- 
2.27.0
Fix memory leak in PAC checksum verification (cherry picked from commit 85566df5d12a640da947d334d76dd8ce576941ed) 2024-10-18 07:36:49 +08:00			`From c03ac354436a7182962b4987d318a86cb7ac558b Mon Sep 17 00:00:00 2001`
			`From: Arjun <pkillarjun@protonmail.com>`
			`Date: Fri, 11 Oct 2024 00:55:59 +0530`
			`Subject: [PATCH] Fix memory leak in PAC checksum verification`

			`If the server checksum length is invalid, do proper cleanup in`
			`verify_pac_checksums() before returning.`

			`[ghudson@mit.edu: edited commit message]`

			`ticket: 9143 (new)`
			`tags: pullup`
			`target_version: 1.21-next`
			`---`
			`src/lib/krb5/krb/pac.c \| 8 +++++---`
			`1 file changed, 5 insertions(+), 3 deletions(-)`

			`diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c`
			`index 5d1fdf1..77adcd2 100644`
			`--- a/src/lib/krb5/krb/pac.c`
			`+++ b/src/lib/krb5/krb/pac.c`
			`@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,`
			`ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,`
			`&server_checksum);`
			`if (ret)`
			`- return ret;`
			`- if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)`
			`- return KRB5_BAD_MSIZE;`
			`+ goto cleanup;`
			`+ if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {`
			`+ ret = KRB5_BAD_MSIZE;`
			`+ goto cleanup;`
			`+ }`
			`server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;`
			`server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;`

			`--`
			`2.27.0`