diff options
| author | Tom Yu <tlyu@mit.edu> | 2009-04-07 21:22:23 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2009-04-07 21:22:23 +0000 |
| commit | 6769d4fc0a3fdeef3f0530257d742647a2c847fb (patch) | |
| tree | 3eca906f79d0241ff2ee4f5820635b884362da3b /src/lib | |
| parent | 9024676102cbd24d08f41fa3de7761d64f13db4d (diff) | |
| download | krb5-6769d4fc0a3fdeef3f0530257d742647a2c847fb.tar.gz krb5-6769d4fc0a3fdeef3f0530257d742647a2c847fb.tar.xz krb5-6769d4fc0a3fdeef3f0530257d742647a2c847fb.zip | |
CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer
The asn1_decode_generaltime() function can free an uninitialized
pointer if asn1buf_remove_charstring() fails.
ticket: 6445
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22176 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_decode.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index 94d62eace..032e82734 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) if (length != 15) return ASN1_BAD_LENGTH; retval = asn1buf_remove_charstring(buf,15,&s); + if (retval) return retval; /* Time encoding: YYYYMMDDhhmmssZ */ if (s[14] != 'Z') { free(s); |