git.samba.org
/
metze
/
heimdal
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
bfcc7a9
)
krb5_mk_ncred: clean enc_krb_cred_part before use
author
Daria Phoebe Brashear
<dariaphoebe@auristor.com>
Fri, 10 Jan 2020 17:58:09 +0000
(12:58 -0500)
committer
Nico Williams
<nico@cryptonector.com>
Fri, 6 Mar 2020 17:56:03 +0000
(11:56 -0600)
the early exit case can try to free enc_krb_cred_part, which will be
stack garbage. clear it before it's used.
lib/krb5/mk_cred.c
patch
|
blob
|
history
diff --git
a/lib/krb5/mk_cred.c
b/lib/krb5/mk_cred.c
index ec10a8a0648d61dc1d63f2ba6e79c45986eeee93..45ece8e02f873938f233f52b8ddd53452dd1fc30 100644
(file)
--- a/
lib/krb5/mk_cred.c
+++ b/
lib/krb5/mk_cred.c
@@
-141,6
+141,7
@@
_krb5_mk_ncred(krb5_context context,
;
memset (&cred, 0, sizeof(cred));
+ memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
cred.pvno = 5;
cred.msg_type = krb_cred;
ALLOC_SEQ(&cred.tickets, ncreds);
@@
-148,7
+149,6
@@
_krb5_mk_ncred(krb5_context context,
ret = krb5_enomem(context);
goto out;
}
- memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
ALLOC_SEQ(&enc_krb_cred_part.ticket_info, ncreds);
if (enc_krb_cred_part.ticket_info.val == NULL) {
ret = krb5_enomem(context);