From 69a15d658a54b4c551a207293bd85a4ec24a7a4b Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Tue, 12 Jul 2005 20:07:06 +0000
Subject: fix MITKRB5-SA-2005-003 krb5_recvauth double-free
* recvauth.c (recvauth_common): Avoid double-free on invalid version string. Thanks to Magnus Hagander. Fix for MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332].
ticket: new
target_version: 1.4.2
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17299 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 4 ++++
 src/lib/krb5/krb/recvauth.c | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)
 (limited to 'src')
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index ce0b970ef..4128f0afb 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,5 +1,9 @@
 2005-07-12 Tom Yu
 
+ * recvauth.c (recvauth_common): Avoid double-free on invalid
+ version string. Thanks to Magnus Hagander. Fix for
+ MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332].
+
 * unparse.c (krb5_unparse_name_ext): Account for zero-component principal, to avoid single-byte overflow. Thanks to Daniel Wachdorf. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1175,
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index e69be67f0..92bcad7a9 100644
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -75,7 +75,6 @@ recvauth_common(krb5_context context,
 if ((retval = krb5_read_message(context, fd, &inbuf)))
 return(retval);
 if (strcmp(inbuf.data, sendauth_version)) {
- krb5_xfree(inbuf.data);
 problem = KRB5_SENDAUTH_BADAUTHVERS;
 }
 krb5_xfree(inbuf.data);
@@ -89,7 +88,6 @@ recvauth_common(krb5_context context,
 if ((retval = krb5_read_message(context, fd, &inbuf)))
 return(retval);
 if (appl_version && strcmp(inbuf.data, appl_version)) {
- krb5_xfree(inbuf.data);
 if (!problem)
 problem = KRB5_SENDAUTH_BADAPPLVERS;
 }
-- cgit
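Review bot: In the first recvauth.c hunk, `strcmp(inbuf.data, sendauth_version)` still treats the peer-supplied message as a C string, and the same holds for the `appl_version` comparison in the second hunk. krb5_read_message is not visible here, so this is inferred: if it can return a zero-length buffer or one without a trailing NUL, the comparison dereferences NULL or reads past the allocation. Consider guarding both comparisons on the length first, e.g. `if (inbuf.length == 0 || inbuf.data[inbuf.length - 1] != '\0' || strcmp(inbuf.data, sendauth_version)) {`. With the inner frees removed, the `krb5_xfree(inbuf.data);` after the first check is the only release of that buffer; the matching release for the second hunk lies outside the visible lines, as does the rest of recvauth_common.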