diff options
| author | Simo Sorce <ssorce@redhat.com> | 2007-12-07 18:09:49 -0500 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2007-12-07 18:09:49 -0500 |
| commit | 647063253e31f543246e271ba07ddbf9e1dd74ed (patch) | |
| tree | c205ac4d1dccf98992e1f5b7eb8a2951a213c422 | |
| parent | 0b51e326996dd6a01fdca8a0b5a5160ca03c660b (diff) | |
| download | freeipa-647063253e31f543246e271ba07ddbf9e1dd74ed.tar.gz freeipa-647063253e31f543246e271ba07ddbf9e1dd74ed.tar.xz freeipa-647063253e31f543246e271ba07ddbf9e1dd74ed.zip | |
Fix kdec.length or we may try to double free() or free() uninitiualized data.
| -rw-r--r-- | ipa-server/ipa-kpasswd/ipa_kpasswd.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipa-server/ipa-kpasswd/ipa_kpasswd.c b/ipa-server/ipa-kpasswd/ipa_kpasswd.c index b0020c04f..99dfe678f 100644 --- a/ipa-server/ipa-kpasswd/ipa_kpasswd.c +++ b/ipa-server/ipa-kpasswd/ipa_kpasswd.c @@ -664,6 +664,8 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen, auth_context = NULL; krep.length = 0; krep.data = NULL; + kdec.length = 0; + kdec.data = NULL; kprincpw = NULL; context = NULL; ticket = NULL; @@ -859,6 +861,7 @@ void handle_krb_packets(uint8_t *buf, ssize_t buflen, /* make sure password is cleared off before we free the memory */ memset(kdec.data, 0, kdec.length); free(kdec.data); + kdec.length = 0; kpreply: @@ -867,6 +870,7 @@ kpreply: kdec.data = malloc(kdec.length); if (!kdec.data) { syslog(LOG_ERR, "Out of memory!"); + kdec.length = 0; goto done; } |