freeipa/daemons
Thierry Bordaz b04f617803 Heap corruption in ipapwd plugin
ipapwd_encrypt_encode_key allocates 'kset' on the heap but
with num_keys and keys not being initialized.
Then ipa_krb5_generate_key_data initializes them with the
generated keys.
If ipa_krb5_generate_key_data fails (here EINVAL meaning no
principal->realm.data), num_keys and keys are left uninitialized.
Upon failure, ipapwd_keyset_free is called to free 'kset'
that contains random num_keys and keys.

allocates kset with calloc so that kset->num_keys==0 and
kset->keys==NULL

https://fedorahosted.org/freeipa/ticket/6030

Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-07-19 13:17:37 +02:00
..
dnssec Remove unused locking "context manager" 2016-06-17 18:27:22 +02:00
ipa-kdb kdb: check for local realm in enterprise principals 2016-07-12 12:26:28 +02:00
ipa-otpd Migrate from #ifndef guards to #pragma once 2016-05-29 14:04:45 +02:00
ipa-sam Migrate from #ifndef guards to #pragma once 2016-05-29 14:04:45 +02:00
ipa-slapi-plugins Heap corruption in ipapwd plugin 2016-07-19 13:17:37 +02:00
configure.ac Bump SSSD version in requires 2016-07-01 10:20:36 +02:00
ipa-version.h.in Fix typos 2011-09-07 13:20:42 +02:00
Makefile.am fix Makefile.am for daemons 2015-03-26 14:58:37 +01:00