diff options
author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-01-15 06:34:08 +0000 |
---|---|---|
committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-01-15 06:34:08 +0000 |
commit | 9f9f9321d2944985af9d4c37cb6ee81366eb55e0 (patch) | |
tree | b5a195be08642bb35c32be61f0d4a023efd40b45 /src/lib/krb5/krb | |
parent | e37c2d0506961e0e394c532b585406d1ab6cac94 (diff) | |
download | krb5-9f9f9321d2944985af9d4c37cb6ee81366eb55e0.zip krb5-9f9f9321d2944985af9d4c37cb6ee81366eb55e0.tar.gz krb5-9f9f9321d2944985af9d4c37cb6ee81366eb55e0.tar.bz2 |
* cp_key_cnt.c, copy_princ.c:
prevent krb5_copy_principal() and krb5_copy_keyblock() from
calling malloc(0). On platforms in which malloc(0) returns
NULL, these functions will return an ENOMEM error the way
they were written.
ticket: 2881
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17045 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 8 | ||||
-rw-r--r-- | src/lib/krb5/krb/copy_princ.c | 34 | ||||
-rw-r--r-- | src/lib/krb5/krb/cp_key_cnt.c | 11 |
3 files changed, 34 insertions, 19 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index c62d7df..2241278 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,11 @@ +2005-01-15 Jeffrey Altman <jaltman@mit.edu> + + * cp_key_cnt.c, copy_princ.c: + prevent krb5_copy_principal() and krb5_copy_keyblock() from + calling malloc(0). On platforms in which malloc(0) returns + NULL, these functions will return an ENOMEM error the way + they were written. + 2005-01-11 Ken Raeburn <raeburn@mit.edu> * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Free credentials diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c index 569e55b..f623236 100644 --- a/src/lib/krb5/krb/copy_princ.c +++ b/src/lib/krb5/krb/copy_princ.c @@ -60,32 +60,36 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri for (i = 0; i < nelems; i++) { unsigned int len = krb5_princ_component(context, inprinc, i)->length; krb5_princ_component(context, tempprinc, i)->length = len; - if (((krb5_princ_component(context, tempprinc, i)->data = - malloc(len)) == 0) && len) { - while (--i >= 0) - free(krb5_princ_component(context, tempprinc, i)->data); - free (tempprinc->data); - free (tempprinc); - return ENOMEM; - } - if (len) + if (len) { + if (((krb5_princ_component(context, tempprinc, i)->data = + malloc(len)) == 0)) { + while (--i >= 0) + free(krb5_princ_component(context, tempprinc, i)->data); + free (tempprinc->data); + free (tempprinc); + return ENOMEM; + } memcpy(krb5_princ_component(context, tempprinc, i)->data, krb5_princ_component(context, inprinc, i)->data, len); + } else + krb5_princ_component(context, tempprinc, i)->data = 0; } - tempprinc->realm.data = + if (tempprinc->realm.length) { + tempprinc->realm.data = malloc(tempprinc->realm.length = inprinc->realm.length); - if (!tempprinc->realm.data && tempprinc->realm.length) { + if (!tempprinc->realm.data) { for (i = 0; i < nelems; i++) - free(krb5_princ_component(context, tempprinc, i)->data); + free(krb5_princ_component(context, tempprinc, i)->data); free(tempprinc->data); free(tempprinc); return ENOMEM; - } - if (tempprinc->realm.length) + } memcpy(tempprinc->realm.data, inprinc->realm.data, inprinc->realm.length); - + } else + tempprinc->realm.data = 0; + *outprinc = tempprinc; return 0; } diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c index b39a6a9..150be0a 100644 --- a/src/lib/krb5/krb/cp_key_cnt.c +++ b/src/lib/krb5/krb/cp_key_cnt.c @@ -36,9 +36,12 @@ krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to) { *to = *from; - to->contents = (krb5_octet *)malloc(to->length); - if (!to->contents) - return ENOMEM; - memcpy((char *)to->contents, (char *)from->contents, to->length); + if (to->length) { + to->contents = (krb5_octet *)malloc(to->length); + if (!to->contents) + return ENOMEM; + memcpy((char *)to->contents, (char *)from->contents, to->length); + } else + to->contents = 0; return 0; } |