[16096] in Kerberos-V5-bugs


[krbdev.mit.edu #8727] Directly dereference the pointer svalue which

daemon@ATHENA.MIT.EDU (Bean Zhang via RT)
Fri Aug 10 11:17:07 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Bean Zhang via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8727@krbdev.mit.edu>
Message-ID: <rt-8727-48747.9.61888900035099@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8727'":;
Date: Fri, 10 Aug 2018 11:17:01 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Hi Team,

In kadm5_get_config_params() of krb5-1.16.1/src/lib/kadm5/alt_prof.c,
after calling strdup() to assign pointer svalue,
we directly dereference it without checking if it is valid.

We should add pointer validity checking for svalue after assigning.

Could someone help to take a look?

Thanks,
Bean
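
The pattern described in the report above, shown as an added example that is not part of the original message and does not reproduce the code in alt_prof.c. The `dup_fn` hook, the function names and the sample value are hypothetical, chosen so the allocation-failure path can be exercised without exhausting memory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook to simulate allocation failure; real code calls strdup(). */
typedef char *(*dup_fn)(const char *);
static char *dup_ok(const char *s) { return strdup(s); }
static char *dup_fail(const char *s) { (void)s; return NULL; }

/* Tokenizes s in place and returns the field count. Dereferences s. */
static int split_in_place(char *s)
{
    char *save = NULL, *tok;
    int n = 0;
    for (tok = strtok_r(s, ", ", &save); tok; tok = strtok_r(NULL, ", ", &save))
        n++;
    return n;
}

/* Reported pattern: no NULL check, so a failed allocation is dereferenced. */
static int count_fields_unchecked(const char *value, dup_fn dup, int *count)
{
    char *svalue = dup(value);
    *count = split_in_place(svalue);   /* crashes if svalue == NULL */
    free(svalue);
    return 0;
}

/* Suggested pattern: fail with ENOMEM before the copy is touched. */
static int count_fields_checked(const char *value, dup_fn dup, int *count)
{
    char *svalue = dup(value);
    *count = 0;
    if (svalue == NULL)
        return ENOMEM;
    *count = split_in_place(svalue);
    free(svalue);
    return 0;
}

int main(void)
{
    int n;
    const char *sample = "88, 750,464";   /* constructed sample value */
    if (count_fields_unchecked(sample, dup_ok, &n) != 0 || n != 3)
        return 1;
    return count_fields_checked(sample, dup_fail, &n) == ENOMEM ? 0 : 1;
}
```

With the check in place, a failed allocation surfaces as an error code the caller can handle instead of a crash in the process that reads the configuration.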

