authorGreg Hudson <ghudson@mit.edu>2012-12-10 14:18:30 -0500
committerGreg Hudson <ghudson@mit.edu>2012-12-10 14:21:36 -0500
commitd3c5450ddf0b20855e86dab41735d56c6860156b (patch)
tree1013b3c871ce2b5e72c925387115bdbb98853532 /src/plugins/preauth/pkinit
parentdb26cd1b6f422c20c062385e0daeb8c95137428d (diff)
Fix various integer issues
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length functions could be ignored because they were assigned to unsigned values. In spnego_mech.c, two buffer size checks could be rewritten to reduce the likelihood of pointer overflow. In dump.c and kdc_preauth.c, calloc() could be used to simplify the code and avoid multiplication overflow. In pkinit_clnt.c, the wrong value was checked for a null result from malloc(), and the code could be simplified. Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>. ticket: 7488
Diffstat (limited to 'src/plugins/preauth/pkinit')
-rw-r--r--src/plugins/preauth/pkinit/pkinit_clnt.c43
1 files changed, 12 insertions, 31 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 7a069c1ed..75b97c6a8 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -1406,40 +1406,21 @@ pkinit_client_plugin_fini(krb5_context context, krb5_clpreauth_moddata moddata)
static krb5_error_code
add_string_to_array(krb5_context context, char ***array, const char *addition)
{
- char **out = NULL;
-
- if (*array == NULL) {
- out = malloc(2 * sizeof(char *));
- if (out == NULL)
- return ENOMEM;
- out[1] = NULL;
- out[0] = strdup(addition);
- if (out[0] == NULL) {
- free(out);
- return ENOMEM;
- }
- } else {
- int i;
- char **a = *array;
- for (i = 0; a[i] != NULL; i++);
- out = malloc( (i + 2) * sizeof(char *));
- if (out == NULL)
- return ENOMEM;
- for (i = 0; a[i] != NULL; i++) {
- out[i] = a[i];
- }
- out[i++] = strdup(addition);
- if (out == NULL) {
- free(out);
- return ENOMEM;
- }
- out[i] = NULL;
- free(*array);
- }
- *array = out;
+ char **a = *array;
+ size_t len;
+ for (len = 0; a != NULL && a[len] != NULL; len++);
+ a = realloc(a, (len + 2) * sizeof(char *));
+ if (a == NULL)
+ return ENOMEM;
+ *array = a;
+ a[len] = strdup(addition);
+ if (a[len] == NULL)
+ return ENOMEM;
+ a[len + 1] = NULL;
return 0;
}
+
static krb5_error_code
handle_gic_opt(krb5_context context,
pkinit_context plgctx,
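Review bot: On the `strdup()` failure path the list stays NULL-terminated only because the failed call's NULL is stored in `a[len]`, the old terminator slot, while `a[len + 1]` is still uninitialised at that return; this is subtle enough to deserve a comment. It also means a caller that passed `*array == NULL` gets back a non-NULL empty list together with ENOMEM, where the removed code left `*array` untouched on failure. The callers are not visible in this hunk, so it should be confirmed that none of them tests `*array` for NULL after an error or skips freeing it. I would add above the assignment `/* If strdup fails, a[len] is NULL and still terminates the list; *array stays owned by the caller. */`. As a style point, the empty body on the `for (len = 0; ...; len++);` line is easy to misread and would be clearer as `continue;` on its own line.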