| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-01-17 19:10:31 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-01-17 19:10:31 +0000 |
| commit | 962f1e24f1a3838d521db990778e1bd5a0432be2 (patch) | |
| tree | cc312369ead6d761b0fc0e386afd2d05c7f47cba /src/lib | |
| parent | edc1c76fce45e966329c983a392115b536311ad3 (diff) | |
krb5_unparse_name(), krb5_unparse_name_ext():
prevent dereferencing of pointer if 'name' or 'size' are NULL
ticket: new
tags: pullup
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17049 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 5 | ||||
| -rw-r--r-- | src/lib/krb5/krb/unparse.c | 29 |
2 files changed, 20 insertions, 14 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 27e5174c2..a3520b7a7 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,8 @@ +2005-01-17 Jeffrey Altman <jaltman@mit.edu> + * unparse.c: krb5_unparse_name, krb5_unparse_name_ext() + prevent null pointer dereferencing if either 'name' or 'size' + are NULL. + 2005-01-17 Ezra Peisach <epeisach@mit.edu> * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): More memory leaks diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index 6f1a3c9e8..badb5bf97 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -26,7 +26,7 @@ * * krb5_unparse_name() routine * - * Rewritten by Theodore Ts'o to propoerly unparse principal names + * Rewritten by Theodore Ts'o to properly unparse principal names * which have the component or realm separator as part of one of their * components. */ @@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi krb5_int32 nelem; register unsigned int totalsize = 0; - if (!principal) + if (!principal || !name) return KRB5_PARSE_MALFORMED; cp = krb5_princ_realm(context, principal)->data; @@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi * We need only n-1 seperators for n components, but we need * an extra byte for the NULL at the end. */ - if (*name) { - if (*size < (totalsize)) { - *size = totalsize; - *name = realloc(*name, totalsize); - } - } else { - *name = malloc(totalsize); - if (size) - *size = totalsize; - } - + if (size) { + if (*name && (*size < totalsize)) { + *name = realloc(*name, totalsize); + } else { + *name = malloc(totalsize); + } + *size = totalsize; + } else { + *name = malloc(totalsize); + } + if (!*name) return ENOMEM; 
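Review bot: The new `!name` test in `if (!principal || !name)` reports a NULL output pointer as KRB5_PARSE_MALFORMED, so a caller cannot tell API misuse from a bad principal. If the API contract allows it, a separate `if (!name) return EINVAL;` would keep the two cases distinguishable; this assumes errno values are acceptable here, as the `ENOMEM` return later in the function suggests. A short comment above the check, such as `/* 'size' may be NULL; 'name' must not be */`, would also document the contract for callers.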
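Review bot: In the rewritten allocation block of krb5_unparse_name_ext, a caller-supplied buffer that is already large enough (`*name` set and `*size >= totalsize`) now falls into the inner `else`, so `*name` is overwritten by a fresh `malloc` and the caller's buffer is leaked; the removed code reused it. In addition, `*name = realloc(*name, totalsize)` loses the original pointer when realloc fails, and `*size = totalsize` runs before the `if (!*name)` check, so a failed allocation leaves a size with no buffer behind it. I would allocate only when there is no reusable buffer, grow through a temporary, and update `*size` only on success. The function body starts and ends outside the hunk.

```c
    if (size && *name) {
        /* Caller supplied a buffer: reuse it, growing only if too small. */
        if (*size < totalsize) {
            char *tmp = realloc(*name, totalsize);

            if (!tmp)
                return ENOMEM;  /* caller still owns the old *name */
            *name = tmp;
            *size = totalsize;
        }
    } else {
        *name = malloc(totalsize);
        if (!*name)
            return ENOMEM;
        if (size)
            *size = totalsize;
    }
    /* … the existing `if (!*name) return ENOMEM;` that follows becomes redundant … */
```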
@@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi krb5_error_code KRB5_CALLCONV krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name) { - *name = NULL; + if (name) /* name == NULL will return error from _ext */ + *name = NULL; return(krb5_unparse_name_ext(context, principal, name, NULL)); } |
