[28215] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix gss_pseudo_random leak on zero length output
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jan 22 19:25:00 2014
Date: Wed, 22 Jan 2014 19:24:54 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201401230024.s0N0OsHx018888@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a44945dfa6502d4cd99943b2448ada389bc22b73
commit a44945dfa6502d4cd99943b2448ada389bc22b73
Author: Greg Hudson <ghudson@mit.edu>
Date: Sat Jan 18 13:03:32 2014 -0500
Fix gss_pseudo_random leak on zero length output
Nobody is likely to ever ask for zero bytes of output from
gss_pseudo_random, but if they do, just return an empty buffer without
allocating. Otherwise we leak memory because gss_release_buffer
doesn't do anything to buffers with length 0.
ticket: 7838 (new)
src/lib/gssapi/krb5/prf.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/krb5/prf.c b/src/lib/gssapi/krb5/prf.c
index a0fbcda..bfca89b 100644
--- a/src/lib/gssapi/krb5/prf.c
+++ b/src/lib/gssapi/krb5/prf.c
@@ -81,6 +81,9 @@ krb5_gss_pseudo_random(OM_uint32 *minor_status,
goto cleanup;
}
+ if (desired_output_len == 0)
+ return GSS_S_COMPLETE;
+
prf_out->value = k5alloc(desired_output_len, &code);
if (prf_out->value == NULL) {
code = KG_INPUT_TOO_LONG;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
