[28752] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.11]: Fix unlikely null dereference in mk_cred()
daemon@ATHENA.MIT.EDU (Tom Yu)
Fri Feb 6 18:17:08 2015
Date: Fri, 6 Feb 2015 18:11:50 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201502062311.t16NBof8007627@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/cb819b0dfcaecb7989c4a0cfe7d9da039545576b
commit cb819b0dfcaecb7989c4a0cfe7d9da039545576b
Author: Nalin Dahyabhai <nalin@redhat.com>
Date: Wed Jun 25 12:56:42 2014 -0400
Fix unlikely null dereference in mk_cred()
If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail. Remove that logic.
Based on a patch from Jatin Nansi.
(cherry picked from commit 476284de8dc9a52b5544445cb1b316a417ae88f0)
ticket: 8107 (new)
version_fixed: 1.11.6
status: resolved
src/lib/krb5/krb/mk_cred.c | 7 -------
1 files changed, 0 insertions(+), 7 deletions(-)
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index 566d138..0a58c9d 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -48,13 +48,6 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
KRB5_KEYUSAGE_KRB_CRED_ENCPART,
scratch, pencdata);
- if (retval) {
- memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
- free(pencdata->ciphertext.data);
- pencdata->ciphertext.length = 0;
- pencdata->ciphertext.data = 0;
- }
-
memset(scratch->data, 0, scratch->length);
krb5_free_data(context, scratch);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
