diff options
| author | Tom Yu <tlyu@mit.edu> | 2011-03-15 21:47:19 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2011-03-15 21:47:19 +0000 |
| commit | e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f (patch) | |
| tree | a72dbaeb80fc3e87a7fa1890262fb1bf37fbeec9 /src | |
| parent | 0dd24b627d0a4d93cbc5a597db55cfb5f8902b60 (diff) | |
| download | krb5-e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f.tar.gz krb5-e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f.tar.xz krb5-e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f.zip | |
KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.
ticket: 6881
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/do_as_req.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 283c97e2d..0cc21cec4 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -740,6 +740,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, pad->contents = td[size]->data; pad->length = td[size]->length; pa[size] = pad; + td[size]->data = NULL; + td[size]->length = 0; } krb5_free_typed_data(kdc_context, td); } |