[2846] in Kerberos-V5-bugs
krb5-libs/518: missing malloc return-value checks in lib/krb5
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Mon Dec 29 03:07:18 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, mhpower@MIT.EDU
Date: Mon, 29 Dec 1997 03:06:23 EST
From: mhpower@MIT.EDU
Reply-To: mhpower@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 518
>Category: krb5-libs
>Synopsis: missing malloc return-value checks in lib/krb5
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Dec 29 03:07:00 EST 1997
>Last-Modified:
>Originator: Matt Power
>Organization:
MIT
>Release: current
>Environment:
any
System: any
Machine: any
>Description:
In some portions of the code under lib/krb5, the return
value of malloc is not checked. This can result in
anomalous behavior if the return value is NULL.
>How-To-Repeat:
Call the library functions in an environment in which
there is little free virtual memory.
>Fix:
*** krb5-current/src/lib/krb5/asn.1/asn1buf.c.old Sun Dec 28 03:04:45 1997
--- krb5-current/src/lib/krb5/asn.1/asn1buf.c Mon Dec 29 02:13:06 1997
***************
*** 237,238 ****
--- 237,242 ----
(*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char));
+ if ((*code)->data == NULL){
+ free(*code);
+ return ENOMEM;
+ }
for(i=0; i < (*code)->length; i++)
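Review bot: The new failure path frees `*code` but leaves the stale pointer in it when the function returns ENOMEM. A caller that releases its output pointer on any error would then free the same block twice or read freed memory. Adding `*code = NULL;` directly after `free(*code);` closes that off. The enclosing function starts and ends outside the hunk, so whether callers actually clean up on error is not visible here.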
*** krb5-current/src/lib/krb5/krb/chpw.c.old Sun Dec 28 03:05:05 1997
--- krb5-current/src/lib/krb5/krb/chpw.c Mon Dec 29 01:48:46 1997
***************
*** 33,34 ****
--- 33,36 ----
packet->data = (char *) malloc(packet->length);
+ if (packet->data == NULL)
+ return(ENOMEM);
ptr = packet->data;
***************
*** 178,179 ****
--- 180,185 ----
result_data->data = (char *) malloc(result_data->length);
+ if (result_data->data == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
memcpy(result_data->data, ptr, result_data->length);
*** krb5-current/src/lib/krb5/krb/preauth.c.old Sun Dec 28 03:05:09 1997
--- krb5-current/src/lib/krb5/krb/preauth.c Mon Dec 29 02:00:03 1997
***************
*** 480,481 ****
--- 480,484 ----
prompt_len+ strlen(sep3) + 1);
+ if (p == NULL) {
+ return NULL;
+ }
if (challenge_len) {
***************
*** 542,544 ****
--- 545,554 ----
char *passcode = malloc(pcsize+1);
+ if (passcode == NULL) {
+ return ENOMEM;
+ }
prompt = handle_sam_labels(sam_challenge);
+ if (prompt == NULL) {
+ free(passcode);
+ return ENOMEM;
+ }
retval = krb5_read_password(context, prompt, 0, passcode, &pcsize);
***************
*** 554,555 ****
--- 564,568 ----
prompt = handle_sam_labels(sam_challenge);
+ if (prompt == NULL) {
+ return ENOMEM;
+ }
retval = sam_get_pass_from_user(context, etype_info, key_proc,
*** krb5-current/src/lib/krb5/os/changepw.c.old Sun Dec 28 03:05:13 1997
--- krb5-current/src/lib/krb5/os/changepw.c Mon Dec 29 02:03:06 1997
***************
*** 127,130 ****
--- 127,132 ----
addr_p = (struct sockaddr *) malloc(sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
host = hostlist[0];
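Review bot: The early `return ENOMEM` after the failed malloc of `addr_p` may skip the release of `hostlist`. The next line reads `hostlist[0]`, so the list is already populated when the allocation fails. If this function owns `hostlist` (its acquisition is outside the hunk), the failure path should release it the same way the normal exit path does before returning. The malloc hunk in os/locate_kdc.c has the same shape and deserves the same check.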
***************
*** 168,171 ****
--- 170,175 ----
realloc ((char *)addr_p,
sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
}
}
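Review bot: The added NULL check after `realloc` still loses the original buffer, because the result appears to be assigned straight back to `addr_p` (the assignment line sits just above the hunk, inferred from the check on `addr_p`). When realloc fails the old block remains allocated, but its only pointer has been overwritten with NULL, so it leaks on the ENOMEM return. Taking the result in a temporary, freeing the old block on failure and assigning only on success fixes this; it needs a local `struct sockaddr *tmp`. The second hunk in os/locate_kdc.c has the identical pattern and needs the same change.

```c
tmp = (struct sockaddr *)
    realloc ((char *)addr_p,
             sizeof(struct sockaddr) * count);
if (tmp == NULL) {
    free(addr_p);   /* old block is still valid after a failed realloc */
    return ENOMEM;
}
addr_p = tmp;
```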
*** krb5-current/src/lib/krb5/os/locate_kdc.c.old Sun Dec 28 03:05:15 1997
--- krb5-current/src/lib/krb5/os/locate_kdc.c Mon Dec 29 02:03:34 1997
***************
*** 150,153 ****
--- 150,155 ----
addr_p = (struct sockaddr *)malloc (sizeof (struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
for (i=0, out=0; hostlist[i]; i++) {
***************
*** 196,199 ****
--- 198,203 ----
realloc ((char *)addr_p,
sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
}
if (sec_udpport && !port) {
>Audit-Trail:
>Unformatted: