gssapi: Release output_token on error path (GHSL-2023-041)

Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2026-02-04 12:20:42 +09:00 · 2023-03-06 12:30:17 +01:00
parent acfa6e3cac
commit cee5f9f69c
1 changed files with 4 additions and 0 deletions
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -426,6 +426,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                             "Gssapi error",
                             maj_stat,
                             min_stat);
+        gss_release_buffer(&min_stat, &output_token);
        ssh_auth_reply_default(session,0);
        ssh_gssapi_free(session);
        session->gssapi=NULL;
@@ -443,6 +444,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
                        (size_t)output_token.length, output_token.value);
        ssh_packet_send(session);
    }
+
+    gss_release_buffer(&min_stat, &output_token);
+
    if(maj_stat == GSS_S_COMPLETE){
        session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
    }