[3574] in Kerberos-V5-bugs
[krbdev.mit.edu #1235] Bug in gss_krb5_ccache_name
daemon@ATHENA.MIT.EDU (Ben Cox via RT)
Thu Oct 31 12:59:18 2002
Message-Id: <rt-1235-3262.9.1331577578508@krbdev.mit.edu>
In-Reply-To: <rt-1235@krbdev.mit.edu>
From: "Ben Cox via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Thu, 31 Oct 2002 12:58:25 -0500 (EST)
Hello,
The attached unified diff against the krb5-1.2.6 source tree fixes a bug
in gss_krb5_ccache_name returns a string that has been freed.
The gss_krb5_ccache_name function has an "out_name" parameter that is
supposed to give the old value of the default ccache name.
Unfortunately, before control returns to the caller,
gss_krb5_ccache_name calls krb5_cc_set_default_name, which frees the
buffer that has just been pointed to by *out_name.
The attached patch fixes gss_krb5_ccache_name to strdup the string
before returning (and return GSS_S_FAILURE if the strdup fails). It
also fixes the only caller of gss_krb5_ccache_name (that I could find in
the source tree), which was strdup'ing the result, not to strdup it
anymore.
Thanks,
-- Ben Cox
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
