diff options
| author | Tom Yu <tlyu@mit.edu> | 2005-09-21 22:58:07 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2005-09-21 22:58:07 +0000 |
| commit | 99c0ac2a716ee8a0dc23fa01f82a88665d8cffb9 (patch) | |
| tree | 293dd51cd62a66cb27bdfbb5cb0adf47352b8413 /src/lib/gssapi | |
| parent | 8e038fc69156fee66e3cef4bae2bc1af1e12e8cb (diff) | |
| download | krb5-99c0ac2a716ee8a0dc23fa01f82a88665d8cffb9.tar.gz krb5-99c0ac2a716ee8a0dc23fa01f82a88665d8cffb9.tar.xz krb5-99c0ac2a716ee8a0dc23fa01f82a88665d8cffb9.zip | |
krb5_gss_inquire_cred can copy out uninitialized pointer
* inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to
NULL. Only call kg_save_name() if ret_name is actually non-NULL.
Return GSS_C_NO_NAME for now if no principal name in the cred.
Reported by Christoph Weizen.
ticket: new
version_reported: 1.4.2
target_version: 1.4.3
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17384 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/inq_cred.c | 11 |
2 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index f06fee506b..3800195d1f 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2005-09-21 Tom Yu <tlyu@mit.edu> + + * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to + NULL. Only call kg_save_name() if ret_name is actually non-NULL. + Return GSS_C_NO_NAME for now if no principal name in the cred. + Reported by Christoph Weizen. + 2005-08-11 Tom Yu <tlyu@mit.edu> * import_name.c: Include stdio.h regardless of presence of diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c index 4125dd5e48..ec8578e4e8 100644 --- a/src/lib/gssapi/krb5/inq_cred.c +++ b/src/lib/gssapi/krb5/inq_cred.c @@ -92,6 +92,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, OM_uint32 ret; ret = GSS_S_FAILURE; + ret_name = NULL; code = krb5_init_context(&context); if (code) { @@ -164,14 +165,15 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, (gss_OID) gss_mech_krb5, &mechs)))) { k5_mutex_unlock(&cred->lock); - krb5_free_principal(context, ret_name); + if (ret_name) + krb5_free_principal(context, ret_name); /* *minor_status set above */ goto fail; } } if (name) { - if (! kg_save_name((gss_name_t) ret_name)) { + if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) { k5_mutex_unlock(&cred->lock); (void) gss_release_oid_set(minor_status, &mechs); krb5_free_principal(context, ret_name); @@ -179,7 +181,10 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, krb5_free_context(context); return(GSS_S_FAILURE); } - *name = (gss_name_t) ret_name; + if (ret_name != NULL) + *name = (gss_name_t) ret_name; + else + *name = GSS_C_NO_NAME; } if (lifetime_ret) |