author | Nalin Dahyabhai <nalin@redhat.com> | 2014-06-25 12:56:42 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-06-25 14:40:27 -0400 |
commit | 476284de8dc9a52b5544445cb1b316a417ae88f0 (patch) | |
tree | 44a10a0fcace077ed43db6100e4b96eb631a3c79 | |
parent | 09246e64e20f079bef6163e9e1d0ecda7917b8c2 (diff) | |
Fix unlikely null dereference in mk_cred()

If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail. Remove that logic.

Based on a patch from Jatin Nansi.

ticket: 7948 (new)
target_version: 1.12.2
tags: pullup
-rw-r--r-- | src/lib/krb5/krb/mk_cred.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index a31d85cac..7616c3a7a 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -49,13 +49,6 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart, KRB5_KEYUSAGE_KRB_CRED_ENCPART, scratch, pencdata); - if (retval) { - memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length); - free(pencdata->ciphertext.data); - pencdata->ciphertext.length = 0; - pencdata->ciphertext.data = 0; - } - memset(scratch->data, 0, scratch->length); krb5_free_data(context, scratch); |
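Review bot: with the `if (retval)` block removed, nothing at this point in encrypt_credencpart() records that krb5_encrypt_keyhelper() is responsible for cleaning up pencdata->ciphertext on failure. Per the commit message, the length field can still be non-zero on that path while the data pointer has already been freed. A short comment above the remaining `memset(scratch->data, 0, scratch->length);` saying that the helper frees the ciphertext on error would keep a later reader from reintroducing the cleanup. It is also worth confirming that no caller reads pencdata->ciphertext.length or .data when retval is non-zero, since this function no longer resets either field.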