svn rev #19197: branches/krb5-1-6/ src/lib/krb5/krb/

tlyu@MIT.EDU tlyu at MIT.EDU
Thu Mar 1 15:29:58 EST 2007


Commit By: tlyu
Log Message: 
ticket: 5454
version_fixed: 1.6.1

pull up r19195 from trunk

 r19195 at cathode-dark-space:  jaltman | 2007-02-28 20:49:11 -0500
 ticket: new
 subject: krb5_get_cred_from_kdc fails to null terminate the tgt list
 tags: pullup
 
 	If the next tgt in a cross-realm traversal cannot be
 	obtained, find_nxt_kdc() was calling krb5_free_creds()
 	on the last tgt in the list but was failing to nullify
 	the pointer to the cred that was just freed.
 
 	If there were no additional tgts obtained,
 	krb5_get_cred_from_kdc() would return a non-NULL terminated
 	cred list to the caller.  This would result in a crash
 	when attempting to manipulate the non-existent cred past
 	the end of the list.
 
 	This commit nullifies the credential pointer in
 	find_nxt_kdc() after the call to krb5_free_creds().
 	
 
 




Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/krb/gc_frm_kdc.c
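
The defect class described in the log message, as an added example that is not code from this commit or from gc_frm_kdc.c: a NULL-terminated credential list whose last entry is freed with and without clearing the slot. The struct, the function names, the static pool standing in for the heap and the realm names are all assumptions made for illustration.

```c
#include <stddef.h>

#define MAX_TGTS 4

/* Hypothetical stand-in for krb5_creds. A static pool replaces the heap so
 * a "freed" entry can be inspected without undefined behaviour. */
struct cred { char realm[32]; int live; };
static struct cred pool[MAX_TGTS];

/* Drop the last TGT after the next hop could not be obtained.
 * nullify == 0: slot keeps the stale pointer (the defect in the log message).
 * nullify == 1: slot is cleared after the free (the fix). */
static void drop_last_tgt(struct cred **tgts, size_t n, int nullify)
{
    tgts[n - 1]->live = 0;          /* models krb5_free_creds() */
    if (nullify)
        tgts[n - 1] = NULL;
}

/* Walk the list as a caller would; count entries pointing at freed creds. */
static size_t stale_entries(struct cred **tgts)
{
    size_t stale = 0;
    for (size_t i = 0; tgts[i] != NULL; i++)
        stale += !tgts[i]->live;
    return stale;
}

/* Build a two-hop list (constructed realm names), then drop the last hop. */
static size_t run_case(int nullify)
{
    pool[0] = (struct cred){ "A.EXAMPLE", 1 };
    pool[1] = (struct cred){ "B.EXAMPLE", 1 };
    struct cred *tgts[MAX_TGTS + 1] = { &pool[0], &pool[1], NULL };

    drop_last_tgt(tgts, 2, nullify);
    return stale_entries(tgts);
}

int main(void) { return run_case(1) == 0 ? 0 : 1; }
```

With a real allocator the stale slot is a dangling pointer, so the caller's walk dereferences freed memory instead of stopping at the terminator.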


