[28218] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.10]: Avoid malloc(0) in SPNEGO get_input_token

daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Jan 22 22:38:04 2014

Date: Wed, 22 Jan 2014 22:37:57 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201401230337.s0N3bvUu030983@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/c9eaac15a27a61df98b063d0a8432422a9b96f24
commit c9eaac15a27a61df98b063d0a8432422a9b96f24
Author: Greg Hudson <ghudson@mit.edu>
Date:   Fri Dec 6 18:56:56 2013 -0500

    Avoid malloc(0) in SPNEGO get_input_token
    
    If we read a zero-length token in spnego_mech.c's get_input_token(),
    set the value pointer to NULL instead of calling malloc(0).
    
    (cherry picked from commit 13fd26e1863c79f616653f6a10a58c01f65fceff)
    
    ticket: 7841 (new)
    version_fixed: 1.10.8
    status: resolved

 src/lib/gssapi/spnego/spnego_mech.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index f916e49..fe93140 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -3071,14 +3071,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
 		return (NULL);
 
 	input_token->length = len;
-	input_token->value = gssalloc_malloc(input_token->length);
+	if (input_token->length > 0) {
+		input_token->value = gssalloc_malloc(input_token->length);
+		if (input_token->value == NULL) {
+			free(input_token);
+			return (NULL);
+		}
 
-	if (input_token->value == NULL) {
-		free(input_token);
-		return (NULL);
+		memcpy(input_token->value, *buff_in, input_token->length);
+	} else {
+		input_token->value = NULL;
 	}
-
-	(void) memcpy(input_token->value, *buff_in, input_token->length);
 	*buff_in += input_token->length;
 	return (input_token);
 }
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post