[1446] in Kerberos-V5-bugs
Re: Kerberos 5 Beta 5 - CLEANUP_PUSH Bug
daemon@ATHENA.MIT.EDU (Christopher Provenzano)
Sat Jun 3 20:00:59 1995
To: "Doug Engert" <DEEngert@anl.gov>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Your message of "Sat, 03 Jun 1995 15:57:27 CDT."
<9506032057.AA12634@MIT.EDU>
Date: Sat, 03 Jun 1995 20:00:29 EDT
From: Christopher Provenzano <proven@MIT.EDU>
> The routines mk_priv.c, mk_safe.c, rd_cred.c, rd_priv.c, rd_safe.c and
> mk_cred.c all use the CLEANUP_PUSH macros defined in cleanup.h.
>
> When they call the CLEANUP_PUSH they pass the address of the pointer
> to the area to be cleaned up by free. The CLEANUP_DONE macro
> then calls free() with this pointer to a pointer, rather than the pointer.
>
> This caused a segmentation fault on a Linux system, and may cause other
> problems on other systems as well. This was discovered trying to forward
> credentials from a Linux system to other systems.
>
> A possible fix is to change the above named routines or to change the
> cleanup.h file with something like this:
The correct fix is to change the named routines to pass the pointer, not the
pointer to the pointer. A fix for this will go out in the next patch release.
CAP
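
The following is an added illustration of the bug class discussed in this thread, not code from the Kerberos distribution or from either correspondent. The cleanup.h macro definitions are not shown in the message, so `struct cleanup`, `checked_free`, `run_cleanup` and `demo` are hypothetical stand-ins; `checked_free` replaces a direct `free()` call so the wrong-address case can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cleanup-stack entry: a handler plus the argument it will get. */
struct cleanup { void (*func)(void *); void *arg; };

static void *expected;  /* heap block the handler is supposed to release */
static int   released;  /* set to 1 once the handler received that block  */

/* Stand-in for free(): releases only the address malloc() returned.
 * Calling the real free() on any other address is undefined behaviour,
 * which is what showed up as a segmentation fault in the report. */
static void checked_free(void *p)
{
    if (p == expected) {
        free(p);
        released = 1;
    }
}

/* Run the registered handlers in reverse order of registration. */
static void run_cleanup(struct cleanup *c, int n)
{
    while (n-- > 0)
        c[n].func(c[n].arg);
}

/* Returns 1 if cleanup released the buffer, 0 if the handler was handed
 * some other address, -1 if the allocation failed. */
int demo(int pass_address_of_pointer)
{
    struct cleanup stack[1];
    char *buf = malloc(64);

    if (buf == NULL)
        return -1;
    expected = buf;
    released = 0;
    stack[0].func = checked_free;
    /* Buggy registration passes &buf (address of the local pointer variable);
     * the corrected registration passes buf (the heap block itself). */
    stack[0].arg = pass_address_of_pointer ? (void *)&buf : (void *)buf;
    run_cleanup(stack, 1);
    if (!released)
        free(buf);  /* release it here so the buggy path does not leak */
    return released;
}

int main(void)
{
    printf("registered &buf: released=%d\n", demo(1));
    printf("registered buf:  released=%d\n", demo(0));
    return 0;
}
```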