From 6769d4fc0a3fdeef3f0530257d742647a2c847fb Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 7 Apr 2009 21:22:23 +0000 Subject: CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer The asn1_decode_generaltime() function can free an uninitialized pointer if asn1buf_remove_charstring() fails. ticket: 6445 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22176 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/asn.1/asn1_decode.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib') diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index 94d62eace9..032e827345 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) if (length != 15) return ASN1_BAD_LENGTH; retval = asn1buf_remove_charstring(buf,15,&s); + if (retval) return retval; /* Time encoding: YYYYMMDDhhmmssZ */ if (s[14] != 'Z') { free(s); -- cgit