svn rev #19050: branches/krb5-1-5/ src/kadmin/server/ src/lib/gssapi/mechglue/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue Jan 9 20:08:21 EST 2007 

Commit By: tlyu
Log Message: 
ticket: new
target_version: 1.5.2
version_fixed: 1.5.2
tags: pullup
subject: fix MITKRB5-SA-2006-003 for 1.5-branch
component: krb5-libs

pull up r19043 from trunk

 r19043 at cathode-dark-space:  tlyu | 2007-01-09 14:45:25 -0500
 ticket: new
 target_version: 1.6
 tags: pullup
 subject: MITKRB5-SA-2006-003: mechglue argument handling too lax
 component: krb5-libs
 
 Fix mechglue argument checks so that output pointers are always
 initialized regardless of whether the other arguments fail to validate
 for some reason.  This avoids freeing of uninitialized pointers.
 
 Initialize the gss_buffer_descs in ovsec_kadmd.c.
 
 




Changed Files:
_U  branches/krb5-1-5/
U   branches/krb5-1-5/src/kadmin/server/ovsec_kadmd.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_accept_sec_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_acquire_cred.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_canon_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_compare_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_delete_sec_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_dsp_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_dsp_status.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_dup_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_exp_sec_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_export_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_imp_name.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_imp_sec_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_init_sec_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_initialize.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_cred.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_inq_names.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_process_context.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_seal.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_sign.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_store_cred.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_unseal.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/g_verify.c
U   branches/krb5-1-5/src/lib/gssapi/mechglue/oid_ops.c

More information about the cvs-krb5 mailing list