* cp_key_cnt.c, copy_princ.c:

    prevent krb5_copy_principal() and krb5_copy_keyblock() from
    calling malloc(0).  On platforms in which malloc(0) returns
    NULL, these functions will return an ENOMEM error the way
    they were written.

ticket: 2881
target_version: 1.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17045 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 34 insertions, 19 deletions

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index c62d7df..2241278 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2005-01-15  Jeffrey Altman <jaltman@mit.edu>
+
+        * cp_key_cnt.c, copy_princ.c:
+          prevent krb5_copy_principal() and krb5_copy_keyblock() from
+          calling malloc(0).  On platforms in which malloc(0) returns   
+          NULL, these functions will return an ENOMEM error the way
+          they were written.  
+
 2005-01-11  Ken Raeburn  <raeburn@mit.edu>
 
 	* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Free credentials
diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c
index 569e55b..f623236 100644
--- a/src/lib/krb5/krb/copy_princ.c
+++ b/src/lib/krb5/krb/copy_princ.c
@@ -60,32 +60,36 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
     for (i = 0; i < nelems; i++) {
 	unsigned int len = krb5_princ_component(context, inprinc, i)->length;
 	krb5_princ_component(context, tempprinc, i)->length = len;
-	if (((krb5_princ_component(context, tempprinc, i)->data =
-	      malloc(len)) == 0) && len) {
-	    while (--i >= 0)
-		free(krb5_princ_component(context, tempprinc, i)->data);
-	    free (tempprinc->data);
-	    free (tempprinc);
-	    return ENOMEM;
-	}
-	if (len)
+        if (len) {
+            if (((krb5_princ_component(context, tempprinc, i)->data =
+                   malloc(len)) == 0)) {
+                while (--i >= 0)
+                    free(krb5_princ_component(context, tempprinc, i)->data);
+                free (tempprinc->data);
+                free (tempprinc);
+                return ENOMEM;
+            }
 	    memcpy(krb5_princ_component(context, tempprinc, i)->data,
 		   krb5_princ_component(context, inprinc, i)->data, len);
+        } else
+            krb5_princ_component(context, tempprinc, i)->data = 0;
     }
 
-    tempprinc->realm.data =
+    if (tempprinc->realm.length) {
+        tempprinc->realm.data =
 	    malloc(tempprinc->realm.length = inprinc->realm.length);
-    if (!tempprinc->realm.data && tempprinc->realm.length) {
+        if (!tempprinc->realm.data) {
 	    for (i = 0; i < nelems; i++)
-		    free(krb5_princ_component(context, tempprinc, i)->data);
+                free(krb5_princ_component(context, tempprinc, i)->data);
 	    free(tempprinc->data);
 	    free(tempprinc);
 	    return ENOMEM;
-    }
-    if (tempprinc->realm.length)
+        }
 	memcpy(tempprinc->realm.data, inprinc->realm.data,
 	       inprinc->realm.length);
-    
+    } else
+        tempprinc->realm.data = 0;
+
     *outprinc = tempprinc;
     return 0;
 }
diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c
index b39a6a9..150be0a 100644
--- a/src/lib/krb5/krb/cp_key_cnt.c
+++ b/src/lib/krb5/krb/cp_key_cnt.c
@@ -36,9 +36,12 @@ krb5_error_code KRB5_CALLCONV
 krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)
 {
     *to = *from;
-    to->contents = (krb5_octet *)malloc(to->length);
-    if (!to->contents)
-	return ENOMEM;
-    memcpy((char *)to->contents, (char *)from->contents, to->length);
+    if (to->length) {
+        to->contents = (krb5_octet *)malloc(to->length);
+        if (!to->contents)
+            return ENOMEM;
+        memcpy((char *)to->contents, (char *)from->contents, to->length);
+    } else 
+        to->contents = 0;
     return 0;
 }