[29468] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.14]: Fix unlikely pointer error in get_in_tkt.c
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Jul 6 16:32:59 2016
Date: Wed, 6 Jul 2016 16:30:46 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201607062030.u66KUksc007567@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/ca76fe6dc46e58019ff8ec7f682f11c6eaa39132
commit ca76fe6dc46e58019ff8ec7f682f11c6eaa39132
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon May 9 13:45:06 2016 -0400
Fix unlikely pointer error in get_in_tkt.c
In add_padata(), reset the caller's pointer and ensure the list is
terminated as soon as realloc() succeeds; otherwise, the old pointer
could be left behind if a later allocation fails.
(cherry picked from commit 24452cd737951fa6e0f35e97c6a644a9db0aa82d)
ticket: 8413
version_fixed: 1.14.3
src/lib/krb5/krb/get_in_tkt.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ba635fe..b78e19a 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -342,10 +342,11 @@ request_enc_pa_rep(krb5_pa_data ***padptr)
if (pad)
for (size=0; pad[size]; size++);
pad = realloc(pad, sizeof(*pad)*(size+2));
-
if (pad == NULL)
return ENOMEM;
- pad[size+1] = NULL;
+ *padptr = pad;
+ pad[size] = pad[size + 1] = NULL;
+
pa = malloc(sizeof(krb5_pa_data));
if (pa == NULL)
return ENOMEM;
@@ -353,7 +354,6 @@ request_enc_pa_rep(krb5_pa_data ***padptr)
pa->length = 0;
pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
pad[size] = pa;
- *padptr = pad;
return 0;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5