krb5 commit: Fix double free in kdc hammer
Greg Hudson
ghudson at mit.edu
Tue Jun 26 12:14:23 EDT 2018
https://github.com/krb5/krb5/commit/6c8b6039e67f63b5c657cb0563ae32ea7f00d083
commit 6c8b6039e67f63b5c657cb0563ae32ea7f00d083
Author: Robbie Harwood <rharwood at redhat.com>
Date: Tue Oct 3 15:01:55 2017 -0400
Fix double free in kdc hammer
If kdc5_hammer.c:krb5_string_to_key() fails, we didn't NULL out key
before returning it, leading to potential double-free.
src/tests/hammer/kdc5_hammer.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c
index efb4271..086c21d 100644
--- a/src/tests/hammer/kdc5_hammer.c
+++ b/src/tests/hammer/kdc5_hammer.c
@@ -283,6 +283,8 @@ get_server_key(context, server, enctype, key)
krb5_data salt;
krb5_data pwd;
+ *key = NULL;
+
if ((retval = krb5_principal2salt(context, server, &salt)))
return retval;
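Review bot: The new `*key = NULL;` at the top of get_server_key introduces an output contract that nothing in the hunk records. Because of it, the early `return retval;` after krb5_principal2salt() now hands back a NULL key instead of whatever the caller passed in. I would state that next to the assignment, for example `/* On every failure path *key is NULL; it is non-NULL only when 0 is returned. */`, so a later edit does not reintroduce a stale pointer that a caller's cleanup then frees. The function's signature and the rest of its body are outside this hunk.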
@@ -294,8 +296,11 @@ get_server_key(context, server, enctype, key)
if ((*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)))) {
krb5_use_enctype(context, &eblock, enctype);
- if ((retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt)))
+ retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt);
+ if (retval) {
free(*key);
+ *key = NULL;
+ }
} else
retval = ENOMEM;
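Review bot: The failure branch releases the keyblock with a bare `free(*key)`, which is only complete if krb5_string_to_key() leaves no allocated `contents` behind when it fails. That is not visible in this hunk and is worth confirming, since the struct comes from `malloc` and its fields are otherwise indeterminate. Allocating with `calloc(1, sizeof(**key))` would make the fields well-defined on that path. The `else` arm is also left unbraced beside the newly braced inner `if`; writing `} else {` / `retval = ENOMEM;` / `}` would keep the two consistent. get_server_key's body continues outside the hunk.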