[1558] in Kerberos-V5-bugs
krb5_mk_safe(), krb5_rd_safe() free non-malloc'ed memory
daemon@ATHENA.MIT.EDU (Michael Shields)
Thu Jul 20 22:51:09 1995
From: shields@tembel.org (Michael Shields)
To: krb5-bugs@MIT.EDU
Date: Fri, 21 Jul 1995 02:49:56 +0000 (GMT)
There is a very bad typo in krb5_{mk,rd}_safe() that causes it to segfault
on Linux, and at least have a memory leak elsewhere. It occurs four times.
Index: krb/ChangeLog
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/ChangeLog,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ChangeLog
--- ChangeLog 1995/07/18 06:23:34 1.1.1.1
+++ ChangeLog 1995/07/21 02:43:45
@@ -1,3 +1,10 @@
+Fri Jul 21 02:41:20 1995 Michael Shields <shields@tembel.org>
+
+ * mk_safe.c (krb5_mk_safe): CLEANUP_PUSH(local_fulladdr.contents,
+ free), not &local_fulladdr.contents, which is illegal and can
+ segfault. Same for remote_fulladdr.
+ * rd_safe.c (krb5_rd_safe): Ditto.
+
Fri May 5 00:06:24 1995 Theodore Y. Ts'o (tytso@dcl)
* conv_princ.c (krb5_425_conv_principal): Use new calling
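Review bot: the new entry for mk_safe.c records only the crash ("illegal and can segfault"). The old call also never handed the real contents buffer to free, so that buffer was leaked wherever the bad free did not fault. Suggest adding that to the entry so the ChangeLog shows the full impact of the fix.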
Index: krb/mk_safe.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/mk_safe.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 mk_safe.c
--- mk_safe.c 1995/07/18 06:23:35 1.1.1.1
+++ mk_safe.c 1995/07/21 01:59:18
@@ -180,7 +180,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
goto error;
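Review bot: the corrected CLEANUP_PUSH(local_fulladdr.contents, free) at line 183 passes the pointer by value, so the cleanup entry holds whatever contents pointed to at this moment. Please confirm that nothing later in krb5_mk_safe() reassigns local_fulladdr.contents, since the cleanup would then free a stale pointer. Separately, the old form compiled without complaint because any object pointer converts to the void * that free takes; pushing a small typed helper that accepts a pointer to the address struct and frees its contents, instead of bare free, would turn this mistake into a compile-time error at all four sites.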
@@ -196,7 +196,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
CLEANUP_DONE();
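Review bot: the two failure branches in this function unwind differently: the local-address branch in the previous hunk does goto error, while this remote-address branch calls CLEANUP_DONE(). With this change the pushed entries are real heap pointers, so a second free on any path is now a genuine double free. The lines after CLEANUP_DONE() are outside the hunk; please check that they do not fall through to code that releases local_fulladdr.contents again, and consider using one unwind style for both branches.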
Index: krb/rd_safe.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/rd_safe.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rd_safe.c
--- rd_safe.c 1995/07/18 06:23:36 1.1.1.1
+++ rd_safe.c 1995/07/21 02:35:45
@@ -201,7 +201,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
return retval;
@@ -216,7 +216,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
return retval;
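Review bot: the else branch at the end of this hunk does return retval directly when krb5_make_fulladdr() fails for the remote address. If the local address was set up by the earlier CLEANUP_PUSH(local_fulladdr.contents, free) in this file, that return leaves local_fulladdr.contents unfreed, whereas mk_safe.c calls CLEANUP_DONE() at the same position. Suggest running CLEANUP_DONE() before the return here so the failure path releases what was already pushed.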
--
Shields.