diff options
author | Tom Yu <tlyu@mit.edu> | 2007-04-11 02:25:17 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2007-04-11 02:25:17 +0000 |
commit | 53d439b14c75cbdada8e7e7bf2222e76f06cb357 (patch) | |
tree | 70df9c790685d0dd1b42a124efe9c21708b91d42 | |
parent | 555a2c2034e13cc39ef749206d50780021819842 (diff) | |
download | krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.zip krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.gz krb5-53d439b14c75cbdada8e7e7bf2222e76f06cb357.tar.bz2 |
(krb5-1.5.x) fix MITKRB5-SA-2007-003
pull up r19171 from trunk
r19171@cathode-dark-space: raeburn | 2007-02-23 19:56:23 -0500
ticket: 5445
status: open
If a reflection is detected, zap the message buffer pointer output
argument as well as actually freeing the buffer. (Found while using
the gsstest option to exercise error conditions.)
ticket: new
tags: pullup
target_version: 1.5.3
version_fixed: 1.5.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19422 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/k5unseal.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 30845bd..8c99986 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { - if (toktype == KG_TOK_SEAL_MSG) + if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } |