[687] in Kerberos-V5-bugs
krb5_copy_principal doesn't deal with zero-length components
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Aug 30 18:09:11 1994
Date: Tue, 30 Aug 1994 17:42:06 -0400
From: "Jonathan I. Kamens" <jik@cam.ov.com>
To: krb5-bugs@MIT.EDU
Since components of a principal name are allowed to have length 0,
krb5_copy_principal has to deal with the fact that malloc(0) returns
null on some systems.
A patch is below.
Jonathan Kamens | OpenVision Technologies, Inc. | jik@cam.ov.com
--- copy_princ.c 1993/09/20 20:19:17 1.1
+++ copy_princ.c 1994/08/24 20:50:31
@@ -63,7 +63,8 @@
for (i = 0; i < nelems; i++) {
int len = krb5_princ_component(inprinc, i)->length;
krb5_princ_component(tempprinc, i)->length = len;
- if ((krb5_princ_component(tempprinc, i)->data = malloc(len)) == 0) {
+ if (((krb5_princ_component(tempprinc, i)->data = malloc(len)) == 0) &&
+ len) {
while (--i >= 0)
free(krb5_princ_component(tempprinc, i)->data);
free (tempprinc->data);
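Review bot: With the added `&& len` test, a zero-length component is left with a `data` pointer that is NULL where malloc(0) returns NULL and non-NULL elsewhere, so every later reader of the copied principal has to accept both. Principal names often arrive in parsed network messages, so it is worth confirming that consumers outside this hunk never dereference or compare `data` without checking `length` first. If a uniform result is preferred, allocating at least one byte, `malloc(len ? len : 1)`, keeps the original `== 0` failure check and never yields NULL on success. The realm allocation in the following hunk has the same property, and the loop body continues past the end of this hunk.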
@@ -70,13 +71,14 @@
free (tempprinc);
return ENOMEM;
}
- memcpy(krb5_princ_component(tempprinc, i)->data,
- krb5_princ_component(inprinc, i)->data, len);
+ if (len)
+ memcpy(krb5_princ_component(tempprinc, i)->data,
+ krb5_princ_component(inprinc, i)->data, len);
}
tempprinc->realm.data =
malloc(tempprinc->realm.length = inprinc->realm.length);
- if (!tempprinc->realm.data) {
+ if ((!tempprinc->realm.data) && tempprinc->realm.length) {
for (i = 0; i < nelems; i++)
free(krb5_princ_component(tempprinc, i)->data);
free(tempprinc->data);
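Review bot: The `if (len)` guard in front of memcpy carries no explanation, so a later reader could take it for a redundant test and remove it. Passing a null pointer to memcpy is undefined behaviour even when the count is zero, so I would add a comment such as `/* data may be NULL when len == 0; memcpy must not be handed a null pointer */` and brace the two-line body. The same applies to the realm copy in the last hunk; its guard tests `inprinc->realm.length`, and it would read more consistently if it tested `tempprinc->realm.length` as the allocation check in this hunk does. The enclosing loop starts in the previous hunk.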
@@ -83,7 +85,9 @@
free(tempprinc);
return ENOMEM;
}
- memcpy(tempprinc->realm.data, inprinc->realm.data, inprinc->realm.length);
+ if (inprinc->realm.length)
+ memcpy(tempprinc->realm.data, inprinc->realm.data,
+ inprinc->realm.length);
*outprinc = tempprinc;
return 0;