author | Russ Allbery <rra@stanford.edu> | 2006-06-13 14:14:27 +0000 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2006-06-13 14:14:27 +0000 |
commit | 17ca5b3402fe42c3ff5b2d928cc685fae43bd0d2 (patch) | |
tree | af2a4d836cd93371bec3a921b291a0f0d6ee1688 /src | |
parent | e6b4b83c54e172c1ffb1753e5159535ca8cb5e88 (diff) | |
Prevent a library double-free and crash when a keytab is zero-length.
Based on a patch from Rainer Weikusat.
Ticket: 3549
Version_Reported: 1.4.3
Component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18120 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/keytab/kt_file.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index c0358bfcbb..c31b90f34f 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1092,7 +1092,10 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
 } else {
 /* gotta verify it instead... */
 if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- kerror = errno;
+ if (feof(KTFILEP(id)))
+ kerror = KRB5_KEYTAB_BADVNO;
+ else
+ kerror = errno;
 (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
 (void) fclose(KTFILEP(id));
 return kerror; |
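Review bot: The `else` branch of the new check can still leave `kerror` at 0 if `xfread` fails without EOF and `errno` was never set, in which case the function closes the stream and then returns success; that looks like the same condition behind the double-free named in the commit message, though the caller is outside the hunk so this is inferred. `errno` is also not cleared before the read, so a stale value from an earlier call may be what gets reported. Consider guaranteeing a non-zero return on this path, e.g. `kerror = errno ? errno : KRB5_KEYTAB_BADVNO;`, and bracing the `if`/`else` so a later edit cannot pull the unlock and close that follow into one branch. `krb5_ktfileint_open` starts and ends outside the hunk.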