IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix kdec.length or we may try to double free() or free() uninitiualized data.

Browse Source
This commit is contained in:
Simo Sorce 2007-12-07 18:09:49 -05:00
parent 0b51e32699
commit 647063253e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ipa-server/ipa-kpasswd/ipa_kpasswd.c
View File

@ -664,6 +664,8 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen,
auth_context = NULL; auth_context = NULL;
krep.length = 0; krep.length = 0;
krep.data = NULL; krep.data = NULL;
kdec.length = 0;
kdec.data = NULL;
kprincpw = NULL; kprincpw = NULL;
context = NULL; context = NULL;
ticket = NULL; ticket = NULL;
@ -859,6 +861,7 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen,
/* make sure password is cleared off before we free the memory */ /* make sure password is cleared off before we free the memory */
memset(kdec.data, 0, kdec.length); memset(kdec.data, 0, kdec.length);
free(kdec.data); free(kdec.data);
kdec.length = 0;
kpreply: kpreply:
@ -867,6 +870,7 @@ kpreply:
kdec.data = malloc(kdec.length); kdec.data = malloc(kdec.length);
if (!kdec.data) { if (!kdec.data) {
syslog(LOG_ERR, "Out of memory!"); syslog(LOG_ERR, "Out of memory!");
kdec.length = 0;
goto done; goto done;
} }