[16117] in Kerberos-V5-bugs


[krbdev.mit.edu #8740] Null pointer dereference in function CLeashApp

daemon@ATHENA.MIT.EDU (Yang Xiao via RT)
Tue Sep 18 13:07:16 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Yang Xiao via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8740@krbdev.mit.edu>
Message-ID: <rt-8740-48826.14.1931854328983@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8740'":;
Date: Tue, 18 Sep 2018 13:07:09 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: multipart/mixed; boundary="===============2685181862930427351=="
Errors-To: krb5-bugs-bounces@mit.edu

Hi,

There is a null pointer dereference in function
CLeashApp::GetProfileFile() in Leash.cpp.

BOOL
CLeashApp::GetProfileFile(
    LPSTR confname,
    UINT szConfname
    )
{
    char **configFile = NULL;
    if (!m_hKrb5DLL)
        return NULL;

    if (pkrb5_get_default_config_files(&configFile))
    {
        GetWindowsDirectory(confname,szConfname);
        confname[szConfname-1] = '\0';
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
        confname[szConfname-1] = '\0';
        return FALSE;
    }

    *confname = 0;

    if (configFile)
    {
        strncpy(confname, *configFile, szConfname);
        confname[szConfname-1] = '\0';
        pkrb5_free_config_files(configFile);
    }

    if (!*confname)
    {
        GetWindowsDirectory(confname,szConfname);
        confname[szConfname-1] = '\0';
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
        confname[szConfname-1] = '\0';
    }

    return FALSE;
}

If krb5_get_default_config_files() returns success and an empty list,
then GetProfileFile() will attempt to dereference a null pointer. Check
for the empty list and treat it as failure.

Below is the proposed patch for function CLeashApp::GetProfileFile().

-        if (pkrb5_get_default_config_files(&configFile))
+        if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
          {
              GetWindowsDirectory(confname,szConfname);
              confname[szConfname-1] = '\0';
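
Review bot: The added `!configFile[0]` test on the `+` line reads through `configFile` without first checking the pointer itself. `configFile` is initialised to NULL and the unchanged code further down still guards its use with `if (configFile)`, so the function already allows for a successful call that leaves the pointer NULL, and in that case the new condition is itself a null dereference. Suggest `|| !configFile || !configFile[0]`. Separately, when the list is allocated but empty, this branch returns FALSE without calling `pkrb5_free_config_files(configFile)`, which the normal path does after copying; free the list before returning from the fallback.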

Young
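
The three list shapes at issue in the report above (NULL list pointer, allocated but empty list, non-empty list), handled in one place. This is an added example, not part of the original message or of the Leash or krb5 source; `pick_first_path`, the `pick_result` values and the sample path are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of choosing a path from a NULL-terminated list of strings. */
enum pick_result { PICK_OK = 0, PICK_EMPTY = 1, PICK_TRUNCATED = 2 };

/*
 * Hypothetical helper (assumption, not a Leash or krb5 function): copy the
 * first entry of `files` into `out`. `files` may be NULL, or non-NULL with
 * files[0] == NULL (success with an empty list); both yield PICK_EMPTY so
 * the caller can fall back to a default path.
 */
static enum pick_result
pick_first_path(char *const *files, char *out, size_t outsz)
{
    size_t len;

    if (out == NULL || outsz == 0)
        return PICK_EMPTY;
    out[0] = '\0';

    /* Check the list pointer before its first element, in that order. */
    if (files == NULL || files[0] == NULL || files[0][0] == '\0')
        return PICK_EMPTY;

    len = strlen(files[0]);
    if (len >= outsz) {
        /* Copy what fits, always terminate, and report the truncation. */
        memcpy(out, files[0], outsz - 1);
        out[outsz - 1] = '\0';
        return PICK_TRUNCATED;
    }
    memcpy(out, files[0], len + 1);
    return PICK_OK;
}

/* Constructed sample inputs: an empty list and a one-entry list. */
static char *const empty_list[] = { NULL };
static char *const one_entry[] = { "C:\\ProgramData\\krb5.ini", NULL };

int main(void)
{
    char buf[64];
    printf("NULL list  -> %d\n", pick_first_path(NULL, buf, sizeof buf));
    printf("empty list -> %d\n", pick_first_path(empty_list, buf, sizeof buf));
    printf("one entry  -> %d (%s)\n",
           pick_first_path(one_entry, buf, sizeof buf), buf);
    return 0;
}
```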


