[5114] in Kerberos

home help back first fref pref prev next nref lref last post

memory stomping bug in krb5_make_fulladdr

daemon@ATHENA.MIT.EDU (Scott Schwartz)
Mon May 8 23:56:12 1995

To: kerberos@MIT.EDU
Date: 09 May 1995 03:44:35 GMT
From: schwartz@galapagos.cse.psu.edu (Scott Schwartz)

There's a typo in lib/krb5/ls/mk_faddr.c that can cause serious memory
corruption (telnet -a -f will exercise this.)  Here's a patch:

*** 1.1	1995/05/08 22:31:34
--- mk_faddr.c	1995/05/08 22:36:53
***************
*** 49,55 ****
  	return EINVAL;
  
      raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
!     if (!(raddr->contents = (krb5_octet *)malloc(kaddr->length)))
  	return ENOMEM;
  
      raddr->addrtype = ADDRTYPE_ADDRPORT;
--- 49,55 ----
  	return EINVAL;
  
      raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
!     if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
  	return ENOMEM;
  
      raddr->addrtype = ADDRTYPE_ADDRPORT;

home help back first fref pref prev next nref lref last post