From e2d4e9477ee52e52712b65b532159720794969cb Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Mon, 10 Jan 2011 09:55:57 +0100 Subject: [PATCH] Uninitialized pointer read in ipa-rmkeytab Fix "--realm" parameter processing in ipa-rmkeytab. Also make sure that memory allocated in this process is also freed. https://fedorahosted.org/freeipa/ticket/711 --- ipa-client/ipa-rmkeytab.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/ipa-client/ipa-rmkeytab.c b/ipa-client/ipa-rmkeytab.c index 0320045d0..8afa9e1c4 100644 --- a/ipa-client/ipa-rmkeytab.c +++ b/ipa-client/ipa-rmkeytab.c @@ -148,8 +148,8 @@ main(int argc, const char **argv) krb5_error_code krberr; krb5_keytab ktid; krb5_kt_cursor cursor; - char * ktname; - char * atrealm; + char * ktname = NULL; + char * atrealm = NULL; poptContext pc; static const char *keytab = NULL; static const char *principal = NULL; @@ -201,14 +201,20 @@ main(int argc, const char **argv) * the string we pass in looks like a realm. */ if (realm) { - if (realm[0] != '@') + if (realm[0] != '@') { ret = asprintf(&atrealm, "@%s", realm); if (ret == -1) { rval = 2; goto cleanup; } - else - atrealm = strcpy(atrealm, realm); + } else { + atrealm = strdup(realm); + + if (NULL == atrealm) { + rval = 2; + goto cleanup; + } + } } krberr = krb5_kt_resolve(context, ktname, &ktid); @@ -247,5 +253,8 @@ cleanup: poptFreeContext(pc); + free(atrealm); + free(ktname); + return rval; }