[1560] in Kerberos-V5-bugs
Wrong free() appears in six files
daemon@ATHENA.MIT.EDU (Michael Shields)
Fri Jul 21 03:12:54 1995
From: shields@tembel.org (Michael Shields)
To: krb5-bugs@MIT.EDU
Date: Fri, 21 Jul 1995 05:26:15 +0000 (GMT)
Earlier I reported a bug in krb5_{mk,rd}_safe that caused them to free
non-malloc'ed memory; now I find that the same bug is in _cred and _priv as well.
Index: src/lib/krb5/krb/ChangeLog
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/ChangeLog,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ChangeLog
--- ChangeLog 1995/07/18 06:23:34 1.1.1.1
+++ ChangeLog 1995/07/21 05:23:10
@@ -1,3 +1,14 @@
+Fri Jul 21 02:41:20 1995 Michael Shields <shields@tembel.org>
+
+ * mk_safe.c (krb5_mk_safe): CLEANUP_PUSH(local_fulladdr.contents,
+ free), not &local_fulladdr.contents, which is illegal and can
+ segfault. Same for remote_fulladdr.
+ * rd_safe.c (krb5_rd_safe): Ditto.
+ * mk_cred.c (krb5_mk_cred): Ditto.
+ * rd_cred.c (krb5_rd_cred): Ditto.
+ * mk_priv.c (krb5_mk_priv): Ditto.
+ * rd_priv.c (krb5_rd_priv): Ditto.
+
Fri May 5 00:06:24 1995 Theodore Y. Ts'o (tytso@dcl)
* conv_princ.c (krb5_425_conv_principal): Use new calling
Index: src/lib/krb5/krb/mk_cred.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/mk_cred.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 mk_cred.c
--- mk_cred.c 1995/07/18 06:23:35 1.1.1.1
+++ mk_cred.c 1995/07/21 05:20:19
@@ -270,7 +270,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))) {
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
goto error;
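Review bot: Nothing at the corrected `CLEANUP_PUSH(local_fulladdr.contents, free);` line records why the buffer, and not the field's address, is what gets freed, and since the macro evidently accepted `&local_fulladdr.contents` without a diagnostic, the same slip reached all twelve call sites in the six files. A one-line comment above the push would help, e.g. `/* contents was allocated by krb5_make_fulladdr(); free the buffer itself, never &contents */` (the allocation is inferred from the fix, since krb5_make_fulladdr is not shown here). Passing the address of a struct member to free() is undefined behaviour and may corrupt allocator state instead of crashing, so this is worth tracking as a memory-safety fix and not only as a possible segfault. The enclosing function starts and ends outside the hunk; the same comment applies to the remote_fulladdr hunk below and to the hunks in mk_priv.c, mk_safe.c, rd_cred.c, rd_priv.c and rd_safe.c.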
@@ -285,7 +285,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
CLEANUP_DONE();
Index: src/lib/krb5/krb/mk_priv.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/mk_priv.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 mk_priv.c
--- mk_priv.c 1995/07/18 06:23:35 1.1.1.1
+++ mk_priv.c 1995/07/21 05:20:24
@@ -197,7 +197,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))) {
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
goto error;
@@ -212,7 +212,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
CLEANUP_DONE();
Index: src/lib/krb5/krb/mk_safe.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/mk_safe.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- mk_safe.c 1995/07/18 06:23:35 1.1.1.1
+++ mk_safe.c 1995/07/21 02:51:42 1.2
@@ -180,7 +180,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
goto error;
@@ -196,7 +196,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
CLEANUP_DONE();
Index: src/lib/krb5/krb/rd_cred.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/rd_cred.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rd_cred.c
--- rd_cred.c 1995/07/18 06:23:36 1.1.1.1
+++ rd_cred.c 1995/07/21 05:20:36
@@ -245,7 +245,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
return retval;
@@ -260,7 +260,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
return retval;
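Review bot: The `return retval;` in the else branch of this remote-address hunk leaves the function without unwinding the cleanup stack, so if the local-address block above already pushed `local_fulladdr.contents`, that buffer appears to leak when the second krb5_make_fulladdr() call fails. rd_priv.c and the three mk_* files call `CLEANUP_DONE();` at the same point, which presumably runs the pushed cleanups; the matching form here would be `CLEANUP_DONE(); return retval;`. The second hunk of rd_safe.c ends in the same bare `return retval;`. Whether the local push always precedes this path depends on conditions outside the hunk, so it should be confirmed against the full function.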
Index: src/lib/krb5/krb/rd_priv.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/rd_priv.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rd_priv.c
--- rd_priv.c 1995/07/18 06:23:36 1.1.1.1
+++ rd_priv.c 1995/07/21 05:20:43
@@ -210,7 +210,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
return retval;
@@ -225,7 +225,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
CLEANUP_DONE();
Index: src/lib/krb5/krb/rd_safe.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/krb/rd_safe.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- rd_safe.c 1995/07/18 06:23:36 1.1.1.1
+++ rd_safe.c 1995/07/21 02:51:43 1.2
@@ -201,7 +201,7 @@
if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
auth_context->local_port,
&local_fulladdr))){
- CLEANUP_PUSH(&local_fulladdr.contents, free);
+ CLEANUP_PUSH(local_fulladdr.contents, free);
plocal_fulladdr = &local_fulladdr;
} else {
return retval;
@@ -216,7 +216,7 @@
if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
auth_context->remote_port,
&remote_fulladdr))){
- CLEANUP_PUSH(&remote_fulladdr.contents, free);
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
premote_fulladdr = &remote_fulladdr;
} else {
return retval;
--
Shields.