krb5 commit [krb5-1.12]: Check output params on GSS OID set functions
Tom Yu
tlyu at mit.edu
Thu Dec 10 18:14:44 EST 2015
https://github.com/krb5/krb5/commit/fae5e7f02f82fb08e1e8ccfcc95dfc782716124f
commit fae5e7f02f82fb08e1e8ccfcc95dfc782716124f
Author: Tomas Kuthan <tkuthan at gmail.com>
Date: Wed Sep 30 15:18:05 2015 +0200
Check output params on GSS OID set functions
Add sanity checks for the output parameters of
generic_gss_create_empty_oid_set() and
generic_gss_add_oid_set_member(), which are used directly by the API
functions gss_create_empty_oid_set() and gss_add_oid_set_member().
[ghudson at mit.edu: edit commit message]
(cherry picked from commit c9e035794caa784b6cdf416e2b3f1d641d011390)
ticket: 8325 (new)
version_fixed: 1.12.5
status: resolved
src/lib/gssapi/generic/oid_ops.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index 1229f38..a0b6dcb 100644
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -137,6 +137,9 @@ generic_gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set)
{
*minor_status = 0;
+ if (oid_set == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
if ((*oid_set = (gss_OID_set) gssalloc_malloc(sizeof(gss_OID_set_desc)))) {
memset(*oid_set, 0, sizeof(gss_OID_set_desc));
return(GSS_S_COMPLETE);
@@ -161,6 +164,9 @@ generic_gss_add_oid_set_member(OM_uint32 *minor_status,
member_oid->elements == NULL)
return (GSS_S_CALL_INACCESSIBLE_READ);
+ if (oid_set == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
elist = (*oid_set)->elements;
/* Get an enlarged copy of the array */
if (((*oid_set)->elements = (gss_OID) gssalloc_malloc(((*oid_set)->count+1) *
More information about the cvs-krb5
mailing list