[krbdev.mit.edu #7866] improper malloc() handling in process_chpw_request()

Will Fiveash via RT rt-comment at krbdev.mit.edu
Thu Feb 20 14:17:12 EST 2014

Previous message: [krbdev.mit.edu #7860] git commit
Next message: [krbdev.mit.edu #7861] git commit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In src/kadmin/server/schpw.c:process_chpw_request()):

chpwfail:

    clear.length = 2 + strlen(strresult);
    clear.data = (char *) malloc(clear.length);

    ptr = clear.data;

    *ptr++ = (numresult>>8) & 0xff;

If malloc() fails *ptr++ will be a NULL pointer deref.

Previous message: [krbdev.mit.edu #7860] git commit
Next message: [krbdev.mit.edu #7861] git commit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krb5-bugs mailing list