diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-12-10 14:18:30 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-12-10 14:21:36 -0500 |
commit | d3c5450ddf0b20855e86dab41735d56c6860156b (patch) | |
tree | 1013b3c871ce2b5e72c925387115bdbb98853532 /src/kadmin | |
parent | db26cd1b6f422c20c062385e0daeb8c95137428d (diff) | |
download | krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.tar.gz krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.tar.xz krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.zip |
Fix various integer issues
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow. In pkinit_clnt.c, the wrong value was
checked for a null result from malloc(), and the code could be
simplified.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7488
Diffstat (limited to 'src/kadmin')
-rw-r--r-- | src/kadmin/dbutil/dump.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index cbd2d477a4..7b515bd702 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -2109,7 +2109,7 @@ process_k5beta6_record(char *fname, krb5_context kcontext, FILE *filep, dbentry->n_tl_data = t3; /* Get memory for key list */ - if (t4 && (kp = malloc(t4*sizeof(krb5_key_data))) == NULL) + if (t4 && (kp = calloc(t4, sizeof(krb5_key_data))) == NULL) goto cleanup; /* Get memory for extra data */ @@ -2121,7 +2121,6 @@ process_k5beta6_record(char *fname, krb5_context kcontext, FILE *filep, dbentry->e_length = t5; if (kp != NULL) { - memset(kp, 0, t4*sizeof(krb5_key_data)); dbentry->key_data = kp; kp = NULL; } |