svn rev #22798: branches/krb5-1-7/src/lib/krb5/krb/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Sep 28 16:44:20 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22798
Commit By: tlyu
Log Message:
ticket: 6511
version_fixed: 1.7.1
status: resolved
------------------------------------------------------------------------
r22409 | epeisach | 2009-06-09 22:55:22 -0400 (Tue, 09 Jun 2009) | 7 lines
ticket: 6511
subject: krb5int_rd_chpw_rep could call krb5_free_error with random value
clang picked up on a path in which krberror is not set and passed as
an argument to krb5_free_error(). Essentially if the clearresult
length < 2 but everything decodes - you can hit this path...
Changed Files:
U branches/krb5-1-7/src/lib/krb5/krb/chpw.c
Modified: branches/krb5-1-7/src/lib/krb5/krb/chpw.c
===================================================================
--- branches/krb5-1-7/src/lib/krb5/krb/chpw.c 2009-09-28 20:34:52 UTC (rev 22797)
+++ branches/krb5-1-7/src/lib/krb5/krb/chpw.c 2009-09-28 20:44:20 UTC (rev 22798)
@@ -83,7 +83,7 @@
krb5_error_code ret;
krb5_data cipherresult;
krb5_data clearresult;
- krb5_error *krberror;
+ krb5_error *krberror = NULL;
krb5_replay_data replay;
krb5_keyblock *tmp;
More information about the cvs-krb5
mailing list