svn rev #22799: branches/krb5-1-7/src/lib/crypto/yarrow/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Sep 28 16:44:23 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22799
Commit By: tlyu
Log Message:
ticket: 6512
version_fixed: 1.7.1
status: resolved
pull up r22413, r22410 from trunk
------------------------------------------------------------------------
r22413 | epeisach | 2009-06-17 13:51:31 -0400 (Wed, 17 Jun 2009) | 5 lines
ticket: 6512
In the previous patch - I neglected a potential NULL deref in the call
to krb5int_yarrow_cipher_final. Trivial fix.
------------------------------------------------------------------------
r22410 | epeisach | 2009-06-11 13:01:13 -0400 (Thu, 11 Jun 2009) | 7 lines
subject: krb5int_yarrow_final could deref NULL if out of memory
ticket: 6512
krb5int_yarrow_final tests if the Yarrow_CTX* is valid (not NULL) -
and if not - signals and error for return - but still invokes
mem_zero (memset) with it as an argument. This will only happen in
an out-of-memory situation.
Changed Files:
U branches/krb5-1-7/src/lib/crypto/yarrow/yarrow.c
Modified: branches/krb5-1-7/src/lib/crypto/yarrow/yarrow.c
===================================================================
--- branches/krb5-1-7/src/lib/crypto/yarrow/yarrow.c 2009-09-28 20:44:20 UTC (rev 22798)
+++ branches/krb5-1-7/src/lib/crypto/yarrow/yarrow.c 2009-09-28 20:44:23 UTC (rev 22799)
@@ -917,8 +917,11 @@
#endif
CATCH:
- krb5int_yarrow_cipher_final(&y->cipher);
- mem_zero( y, sizeof(Yarrow_CTX) );
+ if ( y )
+ {
+ krb5int_yarrow_cipher_final(&y->cipher);
+ mem_zero( y, sizeof(Yarrow_CTX) );
+ }
if ( locked ) { TRY( UNLOCK() ); }
EXCEP_RET;
}
More information about the cvs-krb5
mailing list