[2995] in Kerberos-V5-bugs
krb5-libs/657: krb5_copy_key_contents() broken
daemon@ATHENA.MIT.EDU (fcusack@iconnet.net)
Mon Nov 9 11:09:29 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Date: Mon, 9 Nov 1998 11:02:55 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
>Number: 657
>Category: krb5-libs
>Synopsis: krb5_copy_key_contents() broken
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 09 11:03:01 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
>Release: krb5-current-19981012
>Environment:
systems that do not have "c structure assignment"
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
krb5_copy_key_contents simply points to -> from, and leaks
from->contents.
>How-To-Repeat:
>Fix:
diff -u -r1.1 -r1.4
--- cp_key_cnt.c 1998/10/14 00:47:17 1.1
+++ cp_key_cnt.c 1998/11/09 15:58:34 1.4
@@ -35,7 +35,12 @@
const krb5_keyblock FAR *from;
krb5_keyblock FAR *to;
{
+#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
*to = *from;
+#else
+ memcpy(to, from, sizeof(krb5_keyblock));
+#endif
+
to->contents = (krb5_octet *)malloc(to->length);
if (!to->contents)
return ENOMEM;
>Audit-Trail:
>Unformatted:
