From 647063253e31f543246e271ba07ddbf9e1dd74ed Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 7 Dec 2007 18:09:49 -0500
Subject: [PATCH] Fix kdec.length or we may try to double free() or free() uninitiualized data.
---
 ipa-server/ipa-kpasswd/ipa_kpasswd.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ipa-server/ipa-kpasswd/ipa_kpasswd.c b/ipa-server/ipa-kpasswd/ipa_kpasswd.c
index b0020c04f..99dfe678f 100644
--- a/ipa-server/ipa-kpasswd/ipa_kpasswd.c
+++ b/ipa-server/ipa-kpasswd/ipa_kpasswd.c
@@ -664,6 +664,8 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen,
 auth_context = NULL;
 krep.length = 0;
 krep.data = NULL;
+ kdec.length = 0;
+ kdec.data = NULL;
 kprincpw = NULL;
 context = NULL;
 ticket = NULL;
@@ -859,6 +861,7 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen,
 /* make sure password is cleared off before we free the memory */
 memset(kdec.data, 0, kdec.length);
 free(kdec.data);
+ kdec.length = 0;
 kpreply:
@@ -867,6 +870,7 @@ kpreply:
 kdec.data = malloc(kdec.length);
 if (!kdec.data) {
 syslog(LOG_ERR, "Out of memory!");
+ kdec.length = 0;
 goto done;
 }
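Review bot: In the second hunk, after `free(kdec.data);` and before `kpreply:`, the pointer is left dangling because only `kdec.length` is reset; any later cleanup that tests `kdec.data` rather than the length would free it a second time. Resetting both, `kdec.data = NULL;` next to `kdec.length = 0;`, matches the initialisation added in the first hunk and makes a repeated `free()` harmless. Separately, `memset(kdec.data, 0, kdec.length);` directly before `free()` is a dead store that an optimising compiler may remove, so the password may not actually be wiped; a non-elidable clear (for example `explicit_bzero` where available) is worth considering. The cleanup at `done` is outside the hunk, so which field it checks should be confirmed there.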
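Review bot: Under `kpreply:` in the third hunk, `kdec.data = malloc(kdec.length);` overwrites the pointer without checking it, so the code relies on every jump to the label arriving with `kdec.data` already freed or NULL. The `goto kpreply` sites are outside this diff; if one of them can run while `kdec.data` still holds the password buffer, that buffer would be leaked without being zeroed. A short comment at the label stating the invariant, e.g. `/* kdec must hold no live buffer here: data is reallocated below */`, would make the requirement checkable. The added `kdec.length = 0;` on the malloc-failure path is consistent with that invariant.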