Prevent a library double-free and crash when a keytab is zero-length.

Based on a patch from Rainer Weikusat. Ticket: 3549 Version_Reported: 1.4.3 Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18120 dc483132-0cff-0310-8789-dd5450dbe970
author: Russ Allbery <rra@stanford.edu> 2006-06-13 14:14:27 +0000
committer: Russ Allbery <rra@stanford.edu> 2006-06-13 14:14:27 +0000
commit: 17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2 (patch)
tree: af2a4d836cd93371bec3a921b291a0f0d6ee1688 /src
parent: e6b4b83c54e172c1ffb1753e5159535ca8cb5e88 (diff)
download: krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.tar.gz
krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.tar.xz
krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index c0358bfcbb..c31b90f34f 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1092,7 +1092,10 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
     } else {
 	/* gotta verify it instead... */
 	if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
-	    kerror = errno;
+	    if (feof(KTFILEP(id)))
+		kerror = KRB5_KEYTAB_BADVNO;
+	    else
+		kerror = errno;
 	    (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
 	    (void) fclose(KTFILEP(id));
 	    return kerror;
author	Russ Allbery <rra@stanford.edu>	2006-06-13 14:14:27 +0000
committer	Russ Allbery <rra@stanford.edu>	2006-06-13 14:14:27 +0000
commit	17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2 (patch)
tree	af2a4d836cd93371bec3a921b291a0f0d6ee1688 /src
parent	e6b4b83c54e172c1ffb1753e5159535ca8cb5e88 (diff)
download	krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.tar.gz krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.tar.xz krb5-17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2.zip