diff options
author | Tom Yu <tlyu@mit.edu> | 2011-03-15 23:26:53 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2011-03-15 23:26:53 +0000 |
commit | a28b7e762ae6778b3b683db4eea777cd9ebc4e4b (patch) | |
tree | 59b84f6ebd167d538a50ba1720d387b0554b6a8d | |
parent | a4227a7e08059606172a0ab607bee915355331c0 (diff) | |
download | krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.zip krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.gz krb5-a28b7e762ae6778b3b683db4eea777cd9ebc4e4b.tar.bz2 |
pull up r24705 from trunk
------------------------------------------------------------------------
r24705 | tlyu | 2011-03-15 17:47:19 -0400 (Tue, 15 Mar 2011) | 8 lines
ticket: 6881
subject: KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
tags: pullup
target_version: 1.9.1
Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.
ticket: 6881
version_fixed: 1.9.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24706 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_as_req.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 46b5fa1..464cb6e 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, pad->contents = td[size]->data; pad->length = td[size]->length; pa[size] = pad; + td[size]->data = NULL; + td[size]->length = 0; } krb5_free_typed_data(kdc_context, td); } |