summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/krb/ChangeLog4
-rw-r--r--src/lib/krb5/krb/recvauth.c2
2 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index ce0b970ef..4128f0afb 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,5 +1,9 @@
2005-07-12 Tom Yu <tlyu@mit.edu>
+ * recvauth.c (recvauth_common): Avoid double-free on invalid
+ version string. Thanks to Magnus Hagander. Fix for
+ MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332].
+
* unparse.c (krb5_unparse_name_ext): Account for zero-component
principal, to avoid single-byte overflow. Thanks to Daniel
Wachdorf. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1175,
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index e69be67f0..92bcad7a9 100644
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -75,7 +75,6 @@ recvauth_common(krb5_context context,
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
if (strcmp(inbuf.data, sendauth_version)) {
- krb5_xfree(inbuf.data);
problem = KRB5_SENDAUTH_BADAUTHVERS;
}
krb5_xfree(inbuf.data);
@@ -89,7 +88,6 @@ recvauth_common(krb5_context context,
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
if (appl_version && strcmp(inbuf.data, appl_version)) {
- krb5_xfree(inbuf.data);
if (!problem)
problem = KRB5_SENDAUTH_BADAPPLVERS;
}
generated by cgit (git 2.34.1) at 2026-03-17 03:51:32 +0000