[2216] in Kerberos-V5-bugs
uninitialized memory in k5b6 get_in_tkt.c
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Wed Sep 11 19:03:17 1996
To: krb5-bugs@MIT.EDU
Date: Wed, 11 Sep 1996 18:59:51 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
get_in_tkt.c::make_preauth_list() allocates an array of N+1
(krb5_pa_data*)'s for the usual NULL-terminated array of pointers
structure used throughout krb5, but never actually NULL-terminates the
array.
The following excerpt from a context diff shows where the fix should go:
(*preauthp)->pa_type = *ptypep;
(*preauthp)->length = 0;
(*preauthp)->contents = 0;
}
+ *preauthp = NULL;
*ret_list = preauth_to_use;
return 0;
}
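Review bot: The added `*preauthp = NULL;` after the loop's closing brace terminates the list only if preauthp has been advanced to the last of the N+1 slots by the time the loop exits, and the excerpt shows neither the loop header nor the increment. Please confirm that against the full make_preauth_list(), or make the terminator independent of the cursor by writing it by index into preauth_to_use right after the allocation, or by zero-filling the allocation (calloc), so the array handed back through ret_list is terminated on every path.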