[31304] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix leak in KDC NDR encoding
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Mar 19 10:54:05 2024
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20240319145356.824AE1019E0@krbdev.mit.edu>
Date: Tue, 19 Mar 2024 10:53:56 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Mar 5 17:38:49 2024 -0500
Fix leak in KDC NDR encoding
If the KDC tries to encode a principal containing encode invalid UTF-8
sequences for inclusion in a PAC delegation info buffer, it will leak
a small amount of memory in enc_wchar_pointer() before failing. Fix
the leak.
ticket: 9115 (new)
tags: pullup
target_version: 1.21-next
src/kdc/ndr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
index 48395abe5..d438408ee 100644
--- a/src/kdc/ndr.c
+++ b/src/kdc/ndr.c
@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
size_t utf16len, num_wchars;
uint8_t *utf16;
- k5_buf_init_dynamic(&b);
-
ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
if (ret)
return ret;
num_wchars = utf16len / 2;
+ k5_buf_init_dynamic(&b);
k5_buf_add_uint32_le(&b, num_wchars + 1);
k5_buf_add_uint32_le(&b, 0);
k5_buf_add_uint32_le(&b, num_wchars);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5