diff options
author | Greg Hudson <ghudson@mit.edu> | 2016-05-09 13:45:06 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-07-06 15:17:06 -0400 |
commit | 7c4a7adf7f224868c936cb56804ebd17d5d58756 (patch) | |
tree | 135e6bf61dc196241da0241dc77c724814c9000e | |
parent | eaebfbd3b6200b81c2550af1cb8f58a436b11e02 (diff) | |
download | krb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.zip krb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.tar.gz krb5-7c4a7adf7f224868c936cb56804ebd17d5d58756.tar.bz2 |
Fix unlikely pointer error in get_in_tkt.c
In add_padata(), reset the caller's pointer and ensure the list is
terminated as soon as realloc() succeeds; otherwise, the old pointer
could be left behind if a later allocation fails.
(cherry picked from commit 24452cd737951fa6e0f35e97c6a644a9db0aa82d)
ticket: 8413
version_fixed: 1.13.6
tags: -pullup
status: resolved
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 7a50161..4ec4e55 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -342,10 +342,11 @@ request_enc_pa_rep(krb5_pa_data ***padptr) if (pad) for (size=0; pad[size]; size++); pad = realloc(pad, sizeof(*pad)*(size+2)); - if (pad == NULL) return ENOMEM; - pad[size+1] = NULL; + *padptr = pad; + pad[size] = pad[size + 1] = NULL; + pa = malloc(sizeof(krb5_pa_data)); if (pa == NULL) return ENOMEM; @@ -353,7 +354,6 @@ request_enc_pa_rep(krb5_pa_data ***padptr) pa->length = 0; pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; pad[size] = pa; - *padptr = pad; return 0; } |