[1031] in Kerberos-V5-bugs
salt.saltdata.data not initialized to zero
daemon@ATHENA.MIT.EDU (Jim Miller)
Tue Jan 3 20:57:06 1995
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 3 Jan 95 19:57:09 -0600
To: krb5-bugs@MIT.EDU
Reply-To: Jim_Miller@suite.com
This bug report is for KRB5, beta 4, patchlevel 3.
In the function adm_enter_pwd_key (kadmin/server/adm_funcs.c)...
The local variables "salt" and "altsalt" should have their data fields
initialized to zero at the top of the function. If somebody passes in an
invalid salttype, the default case jumps to "cleanup" which frees
salt.saltdata.data if it is non-zero. Since "salt.saltdata.data" wasn't
set to any value, it could contain non-zero stack junk, screwing up the
free call.
Solution: add the following line of code at the start of the function...
salt.saltdata.data = altsalt.saltdata.data = 0;
Jim_Miller@suite.com
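
The cleanup pattern described in the report above, as an added example that is not part of the original message and is not the krb5 source. The struct layout, the enum values and the function name enter_pwd_key_sketch are hypothetical stand-ins; only the zero-initialization line is taken from the report.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the krb5 types or the real adm_enter_pwd_key. */
struct blob { size_t length; char *data; };
struct salt_blk { int salttype; struct blob saltdata; };
enum { SALT_NORMAL = 0, SALT_ONLYREALM = 1 };   /* constructed values */

int buffers_freed;   /* how many non-NULL buffers the last call released */

/* Returns 0 on success, -1 on an invalid salttype or allocation failure. */
int enter_pwd_key_sketch(int salttype, const char *realm)
{
    struct salt_blk salt, altsalt;
    int ret = -1;

    /* The report's fix: without this line the default case below reaches
     * cleanup with both pointers holding whatever was on the stack. */
    salt.saltdata.data = altsalt.saltdata.data = 0;
    buffers_freed = 0;

    switch (salttype) {
    case SALT_NORMAL:
        salt.saltdata.length = strlen(realm);
        if ((salt.saltdata.data = malloc(salt.saltdata.length + 1)) == NULL)
            goto cleanup;
        memcpy(salt.saltdata.data, realm, salt.saltdata.length + 1);
        break;
    case SALT_ONLYREALM:
        altsalt.saltdata.length = strlen(realm);
        altsalt.saltdata.data = malloc(altsalt.saltdata.length + 1);
        if (altsalt.saltdata.data == NULL)
            goto cleanup;
        memcpy(altsalt.saltdata.data, realm, altsalt.saltdata.length + 1);
        break;
    default:                      /* invalid salttype: nothing allocated yet */
        goto cleanup;
    }
    salt.salttype = altsalt.salttype = salttype;
    ret = 0;

cleanup:
    /* Safe only because both pointers were zeroed before any goto. */
    if (salt.saltdata.data)    { free(salt.saltdata.data);    buffers_freed++; }
    if (altsalt.saltdata.data) { free(altsalt.saltdata.data); buffers_freed++; }
    return ret;
}
```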