aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2016-05-09 13:45:06 -0400
committerTom Yu <tlyu@mit.edu>2016-07-06 15:17:06 -0400
commit7c4a7adf7f224868c936cb56804ebd17d5d58756 (patch)
tree135e6bf61dc196241da0241dc77c724814c9000e
parenteaebfbd3b6200b81c2550af1cb8f58a436b11e02 (diff)
downloadkrb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.zip
krb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.tar.gz
krb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.tar.bz2
Fix unlikely pointer error in get_in_tkt.c
In add_padata(), reset the caller's pointer and ensure the list is terminated as soon as realloc() succeeds; otherwise, the old pointer could be left behind if a later allocation fails. (cherry picked from commit 24452cd737951fa6e0f35e97c6a644a9db0aa82d) ticket: 8413 version_fixed: 1.13.6 tags: -pullup status: resolved
Diffstat
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 7a50161..4ec4e55 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -342,10 +342,11 @@ request_enc_pa_rep(krb5_pa_data ***padptr)
if (pad)
for (size=0; pad[size]; size++);
pad = realloc(pad, sizeof(*pad)*(size+2));
-
if (pad == NULL)
return ENOMEM;
- pad[size+1] = NULL;
+ *padptr = pad;
+ pad[size] = pad[size + 1] = NULL;
+
pa = malloc(sizeof(krb5_pa_data));
if (pa == NULL)
return ENOMEM;
@@ -353,7 +354,6 @@ request_enc_pa_rep(krb5_pa_data ***padptr)
pa->length = 0;
pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
pad[size] = pa;
- *padptr = pad;
return 0;
}
generated by cgit v1.1 at 2024-06-28 08:53:58 +0000