[krbdev.mit.edu #5454] SVN Commit
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Wed Feb 28 20:49:20 EST 2007
if the next tgt in a cross-realm traversal cannot be
obtained find_nxt_kdc() was calling krb5_free_creds()
on the last tgt in the list but was failing to nullify
the pointer to the cred that was just freed.
if there were no additional tgts obtained,
krb5_get_cred_from_kdc() would return a non-NULL terminated
cred list to the caller. This would result in a crash
when attempting to manipulate the non-existent cred past
the end of the list.
This commit nullifies the credential pointer in
find_nxt_kdc() after the call to krb5_free_creds()
Commit By: jaltman
Revision: 19195
Changed Files:
U trunk/src/lib/krb5/krb/gc_frm_kdc.c
More information about the krb5-bugs
mailing list