diff options
author | Ken Raeburn <raeburn@mit.edu> | 2008-06-27 00:20:33 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2008-06-27 00:20:33 +0000 |
commit | 8f5173ed352b5de49108644afeb28069b863ba47 (patch) | |
tree | 9fc7cbbe02ded5b7ed32a754571c324b695ba900 | |
parent | 493428532cb113f28ca8f1a5def7f2a6cee78f5e (diff) | |
download | krb5-8f5173ed352b5de49108644afeb28069b863ba47.zip krb5-8f5173ed352b5de49108644afeb28069b863ba47.tar.gz krb5-8f5173ed352b5de49108644afeb28069b863ba47.tar.bz2 |
Fix possible null pointer deref, possible uninit ptr use, possible
leak in unlikely small-allocation failure case.
ticket: new
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/rpc/auth_gssapi.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c index bd185bc..fa8ce4b 100644 --- a/src/lib/rpc/auth_gssapi.c +++ b/src/lib/rpc/auth_gssapi.c @@ -165,6 +165,11 @@ AUTH *auth_gssapi_create( auth = (AUTH *) malloc(sizeof(*auth)); pdata = (struct auth_gssapi_data *) malloc(sizeof(*pdata)); if (auth == NULL || pdata == NULL) { + /* They needn't both have failed; clean up. */ + free(auth); + free(pdata); + auth = NULL; + pdata = NULL; rpc_createerr.cf_stat = RPC_SYSTEMERROR; rpc_createerr.cf_error.re_errno = ENOMEM; goto cleanup; @@ -437,12 +442,14 @@ next_token: cleanup: PRINTF(("gssapi_create: bailing\n\n")); - - if (AUTH_PRIVATE(auth)) - auth_gssapi_destroy(auth); - else if (auth) - free(auth); - auth = NULL; + + if (auth) { + if (AUTH_PRIVATE(auth)) + auth_gssapi_destroy(auth); + else + free(auth); + auth = NULL; + } /* don't assume the caller will want to change clnt->cl_auth */ clnt->cl_auth = save_auth; |