[31195] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix gic_keytab crash on memory exhaustion
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Mon Dec 5 18:22:12 2022
From: ghudson@mit.edu
To: <cvs-krb5@mit.edu>
Message-ID: <20221205232202.5BC61102F9F@krbdev.mit.edu>
Date: Mon, 5 Dec 2022 18:22:02 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/6bc90214830cb5239aa397c20763902f10f11786
commit 6bc90214830cb5239aa397c20763902f10f11786
Author: ChenChen Zhou <357726167@qq.com>
Date: Sun Nov 27 22:57:14 2022 +0800
Fix gic_keytab crash on memory exhaustion
get_as_key_keytab() does not check the result of krb5_copy_keyblock(),
and dereferences a null pointer if it fails. Remove the call and
steal the memory from kt_ent instead.
[ghudson@mit.edu: rewrote commit message; fixed comments]
ticket: 9080 (new)
src/lib/krb5/krb/gic_keytab.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index b8b7c1506..f9baabbf9 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -45,7 +45,6 @@ get_as_key_keytab(krb5_context context,
krb5_keytab keytab = (krb5_keytab) gak_data;
krb5_error_code ret;
krb5_keytab_entry kt_ent;
- krb5_keyblock *kt_key;
/* We don't need the password from the responder to create the AS key. */
if (as_key == NULL)
@@ -71,16 +70,13 @@ get_as_key_keytab(krb5_context context,
etype, &kt_ent)))
return(ret);
- ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key);
-
- /* again, krb5's memory management is lame... */
-
- *as_key = *kt_key;
- free(kt_key);
+ /* Steal the keyblock from kt_ent for the caller. */
+ *as_key = kt_ent.key;
+ memset(&kt_ent.key, 0, sizeof(kt_ent.key));
(void) krb5_kt_free_entry(context, &kt_ent);
- return(ret);
+ return 0;
}
/* Return the list of etypes available for client in keytab. */
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
