[11964] in Kerberos-V5-bugs
[krbdev.mit.edu #6901] SVN Commit
daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Thu Apr 14 18:17:16 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6901@krbdev.mit.edu>
Message-ID: <rt-6901-33981.7.94035525603498@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6901'":;"'AdminCc of krbdev.mit.edu Ticket #6901'":;@MIT.EDU
Date: Thu, 14 Apr 2011 18:17:12 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
back-port r24878 for 1.7-branch
------------------------------------------------------------------------
r24878 | tlyu | 2011-04-13 14:43:37 -0400 (Wed, 13 Apr 2011) | 11 lines
ticket: 6899
tags: pullup
target_version: 1.9.1
Fix the sole case in process_chpw_request() where a return could occur
without allocating the data pointer in the response. This prevents a
later free() of an invalid pointer in kill_tcp_or_rpc_connection().
Also initialize rep->data to NULL in process_chpw_request() and clean
up *response in dispatch() as an additional precaution.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24881
Commit By: tlyu
Revision: 24881
Changed Files:
U branches/krb5-1-7/src/kadmin/server/network.c
U branches/krb5-1-7/src/kadmin/server/schpw.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
