diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-12-10 14:18:30 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-12-10 14:21:36 -0500 |
| commit | d3c5450ddf0b20855e86dab41735d56c6860156b (patch) | |
| tree | 1013b3c871ce2b5e72c925387115bdbb98853532 /src/kdc/kdc_util.c | |
| parent | db26cd1b6f422c20c062385e0daeb8c95137428d (diff) | |
| download | krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.tar.gz krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.tar.xz krb5-d3c5450ddf0b20855e86dab41735d56c6860156b.zip | |
Fix various integer issues
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow. In pkinit_clnt.c, the wrong value was
checked for a null result from malloc(), and the code could be
simplified.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7488
Diffstat (limited to 'src/kdc/kdc_util.c')
| -rw-r--r-- | src/kdc/kdc_util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index ea11f54d10..a6a53a1c91 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -842,9 +842,10 @@ fetch_asn1_field(unsigned char *astream, unsigned int level, /* return length and data */ astream++; savelen = *astream; - if ((data->length = asn1length(&astream)) < 0) { + if ((length = asn1length(&astream)) < 0) { return(-1); } + data->length = length; /* if the field length is indefinite, we will have to subtract two (terminating octets) from the length returned since we don't want to pass any info from the "wrapper" back. asn1length will always return |