From 18a39e9ce1d88cdfa5684fa37c874b649c5c3e64 Mon Sep 17 00:00:00 2001
From: xuraoqing <xuraoqing@huawei.com>
Date: Tue, 19 Sep 2023 14:16:14 +0800
Subject: [PATCH] Fix krb5_cccol_have_content() bad pointer free

Signed-off-by: xuraoqing <xuraoqing@huawei.com>
---
 ..._cccol_have_content-bad-pointer-free.patch | 35 +++++++++++++++++++
 krb5.spec                                     |  6 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 Fix-krb5_cccol_have_content-bad-pointer-free.patch

diff --git a/Fix-krb5_cccol_have_content-bad-pointer-free.patch b/Fix-krb5_cccol_have_content-bad-pointer-free.patch
new file mode 100644
index 0000000..ef56ecc
--- /dev/null
+++ b/Fix-krb5_cccol_have_content-bad-pointer-free.patch
@@ -0,0 +1,35 @@
+From 635c8cca65b745476d07c1f5ff701445db25c10d Mon Sep 17 00:00:00 2001
+From: Ilya Gladyshev <ilya.v.gladyshev@gmail.com>
+Date: Wed, 30 Aug 2023 21:19:59 +0100
+Subject: [PATCH] Fix krb5_cccol_have_content() bad pointer free
+
+krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop,
+and frees the resulting principal on success or failure.  Set princ to
+null before each call to ensure we don't free a dangling pointer.
+
+[ghudson@mit.edu: rewrote commit message; moved assignment for greater
+clarity]
+
+ticket: 9103
+tags: pullup
+target_version: 1.21-next
+target_version: 1.20-next
+---
+ src/lib/krb5/ccache/cccursor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
+index 4bcb66b71..926873f2a 100644
+--- a/src/lib/krb5/ccache/cccursor.c
++++ b/src/lib/krb5/ccache/cccursor.c
+@@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context)
+         save_first_error(context, ret, &errsave);
+         if (ret || cache == NULL)
+             break;
++        princ = NULL;
+         ret = krb5_cc_get_principal(context, cache, &princ);
+         save_first_error(context, ret, &errsave);
+         if (!ret)
+-- 
+2.33.0
+
diff --git a/krb5.spec b/krb5.spec
index 17279f9..e831651 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -3,7 +3,7 @@
 
 Name:     krb5
 Version:  1.21.1
-Release:  1
+Release:  3
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@@ -27,6 +27,7 @@ Patch3: netlib-and-dns.patch
 Patch4: fix-debuginfo-with-y.tab.c.patch
 Patch5: Remove-3des-support.patch
 Patch6: fix-CVE-2023-39975-Fix-double-free-in-KDC-TGS-processing.patch
+Patch7: Fix-krb5_cccol_have_content-bad-pointer-free.patch
 
 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -325,6 +326,9 @@ make -C src check || :
 %{_mandir}/man8/*
 
 %changelog
+* Tue Sep 19 2023 xuraoqing<xuraoqing@huawei.com> - 1.21.1-3
+- Fix krb5_cccol_have_content() bad pointer free
+
 * Tue Aug 29 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-2
 - fix CVE-2023-39975
 
-- 
Gitee