[30243] in CVS-changelog-for-Kerberos-V5

krb5 commit: Fix double free in kdc hammer

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jun 26 12:14:29 2018

Date: Tue, 26 Jun 2018 12:14:23 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201806261614.w5QGENks031863@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/6c8b6039e67f63b5c657cb0563ae32ea7f00d083
commit 6c8b6039e67f63b5c657cb0563ae32ea7f00d083
Author: Robbie Harwood <rharwood@redhat.com>
Date:   Tue Oct 3 15:01:55 2017 -0400

    Fix double free in kdc hammer
    
    If kdc5_hammer.c:krb5_string_to_key() fails, we didn't NULL out key
    before returning it, leading to potential double-free.

 src/tests/hammer/kdc5_hammer.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c
index efb4271..086c21d 100644
--- a/src/tests/hammer/kdc5_hammer.c
+++ b/src/tests/hammer/kdc5_hammer.c
@@ -283,6 +283,8 @@ get_server_key(context, server, enctype, key)
     krb5_data salt;
     krb5_data pwd;
 
+    *key = NULL;
+
     if ((retval = krb5_principal2salt(context, server, &salt)))
 	return retval;
 
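Review bot: The "*key = NULL;" at the top of get_server_key() creates an output contract that is not documented anywhere in the visible lines: *key is now NULL on every failure path, including the early "return retval" after krb5_principal2salt(). Suggest a short comment above the function stating that *key is NULL on error and that the caller owns and frees the keyblock on success. The assignment also dereferences key unconditionally, so the comment should say that key must be non-NULL.
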
@@ -294,8 +296,11 @@ get_server_key(context, server, enctype, key)
 
     if ((*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)))) {
     	krb5_use_enctype(context, &eblock, enctype);
-    	if ((retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt)))
+	retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt);
+	if (retval) {
 	    free(*key);
+	    *key = NULL;
+	}
     } else
         retval = ENOMEM;
 
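Review bot: In the failure branch after krb5_string_to_key(), "free(*key)" releases only the krb5_keyblock struct, and that struct comes from malloc(), so its fields are uninitialized when it is handed to krb5_string_to_key(). Suggest allocating with calloc(1, sizeof(krb5_keyblock)) so the keyblock has defined contents if the call fails partway. With "*key = NULL;" now set here, it is also worth confirming that every caller's cleanup path accepts a NULL key.
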
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5