[28191] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.11]: Fix possible null deref in previous
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Jan 16 15:47:20 2014
Date: Thu, 16 Jan 2014 15:46:39 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201401162046.s0GKkdkv013964@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/8acb855e63260fa4d114563107fcc776b3446336
commit 8acb855e63260fa4d114563107fcc776b3446336
Author: Tom Yu <tlyu@mit.edu>
Date: Tue Dec 31 19:41:12 2013 -0500
Fix possible null deref in previous
My rework of the do_tgs_req.c patch introduced a null deref if
decode_krb5_tgs_req() failed.
(cherry picked from commit 30589b2a1636de9f9b68591f0e546cb0fa21989f)
ticket: 7831
version_fixed: 1.11.5
status: resolved
src/kdc/do_tgs_req.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index ef69763..e3fdce4 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -145,11 +145,12 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
session_key.contents = NULL;
retval = decode_krb5_tgs_req(pkt, &request);
- /* Save pointer to client-requested service principal, in case of errors
- * before a successful call to search_sprinc(). */
- sprinc = request->server;
if (retval)
return retval;
+ /* Save pointer to client-requested service principal, in case of
+ * errors before a successful call to search_sprinc(). */
+ sprinc = request->server;
+
if (request->msg_type != KRB5_TGS_REQ) {
krb5_free_kdc_req(handle->kdc_err_context, request);
return KRB5_BADMSGTYPE;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
