[1840] in Kerberos-V5-bugs


krb5 BETA 5 bugs associated with "krb5_make_fulladdr"

daemon@ATHENA.MIT.EDU (Kevin Buhr)
Wed Mar 20 15:31:20 1996

Date: Wed, 20 Mar 96 14:30 CST
To: krb5-bugs@MIT.EDU
From: buhr@stat.wisc.edu (Kevin Buhr)
Reply-To: buhr@stat.wisc.edu

This concerns the "krb5.*.B5.tar.gz" distribution.

I've found a number of memory allocation bugs associated with
"fulladdr" processing.  The function "krb5_make_fulladdr" correctly
calculates the quantity "raddr->length", but incorrectly allocates
"kaddr->length" bytes of memory for "raddr->contents".  Also, all
functions that call "krb5_make_fulladdr" perform cleanup by trying to
free the address of the contents *pointer* within the structure instead
of the buffer it points to.

A unified diff is enclosed.

Kevin <buhr@stat.wisc.edu>

--- 1.1	1996/03/20 01:12:09
+++ src/lib/krb5/krb/mk_cred.c	1996/03/20 01:13:26
@@ -270,7 +270,7 @@
             if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
                                  	      auth_context->local_port, 
 					      &local_fulladdr))) {
-            	CLEANUP_PUSH(&local_fulladdr.contents, free);
+            	CLEANUP_PUSH(local_fulladdr.contents, free);
 	    	plocal_fulladdr = &local_fulladdr;
             } else {
                 goto error;
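Review bot: Nothing at this call site stops the `&local_fulladdr.contents` form from coming back, since the old line evidently compiled even though it handed `free` the address of a struct member rather than the malloc'd buffer. CLEANUP_PUSH is defined outside this diff, so presumably it accepts an untyped pointer; a short comment here such as `/* push the heap buffer itself, not &local_fulladdr.contents */` would record the intent. The same applies to the other eleven CLEANUP_PUSH hunks in mk_cred.c, mk_priv.c, mk_safe.c, rd_cred.c, rd_priv.c and rd_safe.c. The enclosing function starts and ends outside the hunk.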
@@ -285,7 +285,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
                                  	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-                CLEANUP_PUSH(&remote_fulladdr.contents, free);
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
 	        premote_fulladdr = &remote_fulladdr;
             } else {
                 CLEANUP_DONE();
--- 1.1	1996/03/20 01:17:58
+++ src/lib/krb5/krb/mk_priv.c	1996/03/20 01:19:32
@@ -197,7 +197,7 @@
 	    if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
 				  	      auth_context->local_port, 
 					      &local_fulladdr))) {
-	    	CLEANUP_PUSH(&local_fulladdr.contents, free);
+	    	CLEANUP_PUSH(local_fulladdr.contents, free);
 	    	plocal_fulladdr = &local_fulladdr;
             } else {
     	    	goto error;
@@ -212,7 +212,7 @@
 	    if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
 				 	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-	    	CLEANUP_PUSH(&remote_fulladdr.contents, free);
+	    	CLEANUP_PUSH(remote_fulladdr.contents, free);
 	    	premote_fulladdr = &remote_fulladdr;
  	    } else {
 	        CLEANUP_DONE();
--- 1.1	1996/03/20 01:18:15
+++ src/lib/krb5/krb/mk_safe.c	1996/03/20 01:19:31
@@ -180,7 +180,7 @@
             if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
                                  	      auth_context->local_port, 
 					      &local_fulladdr))){
-            	CLEANUP_PUSH(&local_fulladdr.contents, free);
+            	CLEANUP_PUSH(local_fulladdr.contents, free);
 	    	plocal_fulladdr = &local_fulladdr;
             } else {
                 goto error;
@@ -196,7 +196,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
                                  	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-            	CLEANUP_PUSH(&remote_fulladdr.contents, free);
+            	CLEANUP_PUSH(remote_fulladdr.contents, free);
 	    	premote_fulladdr = &remote_fulladdr;
             } else {
                 CLEANUP_DONE();
--- 1.1	1996/03/20 01:18:33
+++ src/lib/krb5/krb/rd_cred.c	1996/03/20 01:19:31
@@ -245,7 +245,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->local_addr,
                                  	      auth_context->local_port, 
 					      &local_fulladdr))){
-                CLEANUP_PUSH(&local_fulladdr.contents, free);
+                CLEANUP_PUSH(local_fulladdr.contents, free);
 	        plocal_fulladdr = &local_fulladdr;
             } else {
 	        return retval;
@@ -260,7 +260,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
                                  	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-                CLEANUP_PUSH(&remote_fulladdr.contents, free);
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
 	        premote_fulladdr = &remote_fulladdr;
             } else {
 	        return retval;
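Review bot: The failure branch for the remote address here is a bare `return retval;`, whereas the matching branch in mk_cred.c, mk_priv.c, mk_safe.c and rd_priv.c runs `CLEANUP_DONE();` first. If the local-address hunk above is in the same function and has already pushed `local_fulladdr.contents`, that buffer is presumably never freed on this path; `CLEANUP_DONE(); return retval;` would match the other files. The remote-address hunk in rd_safe.c has the same shape. The rest of the function is outside the hunk, so this needs checking against the full source.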
--- 1.1	1996/03/20 01:19:05
+++ src/lib/krb5/krb/rd_priv.c	1996/03/20 01:19:30
@@ -210,7 +210,7 @@
             if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
                                  	      auth_context->local_port, 
 					      &local_fulladdr))){
-                CLEANUP_PUSH(&local_fulladdr.contents, free);
+                CLEANUP_PUSH(local_fulladdr.contents, free);
 	        plocal_fulladdr = &local_fulladdr;
             } else {
 	        return retval;
@@ -225,7 +225,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
                                  	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-                CLEANUP_PUSH(&remote_fulladdr.contents, free);
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
 	        premote_fulladdr = &remote_fulladdr;
             } else {
                 CLEANUP_DONE();
--- 1.1	1996/03/20 01:19:20
+++ src/lib/krb5/krb/rd_safe.c	1996/03/20 01:19:29
@@ -201,7 +201,7 @@
             if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
                                  	      auth_context->local_port, 
 					      &local_fulladdr))){
-                CLEANUP_PUSH(&local_fulladdr.contents, free);
+                CLEANUP_PUSH(local_fulladdr.contents, free);
 	        plocal_fulladdr = &local_fulladdr;
             } else {
 	        return retval;
@@ -216,7 +216,7 @@
             if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
                                  	      auth_context->remote_port, 
 					      &remote_fulladdr))){
-                CLEANUP_PUSH(&remote_fulladdr.contents, free);
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
 	        premote_fulladdr = &remote_fulladdr;
             } else {
 	        return retval;
--- 1.1	1996/03/18 19:25:21
+++ src/lib/krb5/os/mk_faddr.c	1996/03/18 19:25:29
@@ -49,7 +49,7 @@
 	return EINVAL;
 
     raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
-    if (!(raddr->contents = (krb5_octet *)malloc(kaddr->length)))
+    if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
 	return ENOMEM;
 
     raddr->addrtype = ADDRTYPE_ADDRPORT;
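Review bot: `raddr->length` is assigned before the allocation is checked, so the `return ENOMEM;` path leaves the caller's structure with a non-zero length and a NULL `contents`. The callers shown in this patch only register cleanup on success, but clearing the field on failure (`raddr->length = 0;` before `return ENOMEM;`) or assigning it only after the malloc succeeds would keep the structure consistent. Separately, the sum of `kaddr->length`, `kport->length` and the `4 * sizeof(krb5_int32)` framing is not range-checked before it becomes the malloc size; the field types are not visible here, so whether it can wrap should be confirmed. The function body continues outside the hunk.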
