pull up r24705 from trunk

------------------------------------------------------------------------ r24705 | tlyu | 2011-03-15 17:47:19 -0400 (Tue, 15 Mar 2011) | 8 lines ticket: 6881 subject: KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] tags: pullup target_version: 1.9.1 Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 version_fixed: 1.9.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24706 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2011-03-15 23:26:53 +0000
committer: Tom Yu <tlyu@mit.edu> 2011-03-15 23:26:53 +0000
commit: a28b7e762ae6778b3b683db4eea777cd9ebc4e4b (patch)
tree: 59b84f6ebd167d538a50ba1720d387b0554b6a8d
parent: a4227a7e08059606172a0ab607bee915355331c0 (diff)
download: krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.zip
krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.gz
krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 46b5fa1..464cb6e 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
                     pad->contents = td[size]->data;
                     pad->length = td[size]->length;
                     pa[size] = pad;
+                    td[size]->data = NULL;
+                    td[size]->length = 0;
                 }
             krb5_free_typed_data(kdc_context, td);
         }
author	Tom Yu <tlyu@mit.edu>	2011-03-15 23:26:53 +0000
committer	Tom Yu <tlyu@mit.edu>	2011-03-15 23:26:53 +0000
commit	a28b7e762ae6778b3b683db4eea777cd9ebc4e4b (patch)
tree	59b84f6ebd167d538a50ba1720d387b0554b6a8d
parent	a4227a7e08059606172a0ab607bee915355331c0 (diff)
download	krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.zip krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.gz krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.bz2