Crash while freeing data.

Greg Hudson ghudson at MIT.EDU
Thu May 23 11:16:14 EDT 2013


On 05/23/2013 02:46 AM, sasikumar bodathula wrote:
> In the function cms_signeddata_create we have a pointer called abuf
> which is initialized to NULL.
> 
> File name: plugins/preauth/pkinit/pkinit_crypto_openssl.c. At line number
> 1121 the function "ASN1_item_i2d" is called with abuf as one of
> the arguments.
> 
> After this function, abuf is a pointer to an invalid pointer; this leads to
> the crash in the same file at line number 1195, free(abuf).

Looking at the OpenSSL code, ASN1_item_i2d should only fill in abuf with
a pointer returned by CRYPTO_malloc(), which is usually equivalent to
malloc(), unless something has called CRYPTO_set_mem_functions() or
similar.  Unless you're doing that in your application, I don't see how
this can explain the crash.
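Added example, not from this thread and not code from krb5 or OpenSSL: a toy C model of the mechanism Greg describes. A library encodes into a buffer it allocates through swappable allocator hooks (the real counterparts are CRYPTO_malloc() and CRYPTO_set_mem_functions()), so a buffer it hands back is only safe to release through the library's matching free (OPENSSL_free() in the real API), not through the C library's free(). The names lib_i2d, lib_set_mem_functions, lib_free, tag_malloc and tag_free are hypothetical stand-ins, and the input bytes are constructed. The tagging allocator shows the failure mode: once an application installs its own allocator, the pointer the library returns is no longer something malloc() ever handed out, so free() on it would be a mismatch, whether or not that is what happens in the reported crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Swappable allocator hooks, modelled on CRYPTO_malloc/CRYPTO_free (hypothetical). */
typedef void *(*lib_malloc_fn)(size_t);
typedef void (*lib_free_fn)(void *);

static lib_malloc_fn lib_malloc_impl = malloc;
static lib_free_fn lib_free_impl = free;

/* Stand-in for CRYPTO_set_mem_functions(): NULL restores the defaults. */
void lib_set_mem_functions(lib_malloc_fn m, lib_free_fn f) {
    lib_malloc_impl = m ? m : malloc;
    lib_free_impl = f ? f : free;
}

/* Stand-in for OPENSSL_free(): always releases through the current hook. */
void lib_free(void *p) { lib_free_impl(p); }

/* Stand-in for ASN1_item_i2d(): "encodes" src into *out.
 *   out == NULL  : return the required length only.
 *   *out == NULL : allocate the buffer via the library hook and store it in *out.
 *   otherwise    : write into the caller's buffer and advance *out.
 * Returns the encoded length, or -1 on allocation failure. */
int lib_i2d(const unsigned char *src, int len, unsigned char **out) {
    if (out == NULL) return len;
    if (*out == NULL) {
        unsigned char *buf = lib_malloc_impl((size_t)len);
        if (buf == NULL) return -1;
        memcpy(buf, src, (size_t)len);
        *out = buf;
    } else {
        memcpy(*out, src, (size_t)len);
        *out += len;
    }
    return len;
}

/* A tagging allocator an application might install: every block gets a 16-byte
 * header, so the pointer the library returns points into the middle of a malloc
 * block. free() on that pointer would be undefined behaviour; tag_free is the
 * only correct release. live_blocks tracks outstanding tagged blocks. */
#define TAG_MAGIC 0x4C49424DU
#define HDR 16
static int live_blocks = 0;

static void *tag_malloc(size_t n) {
    unsigned char *raw = malloc(n + HDR);
    if (raw == NULL) return NULL;
    uint32_t magic = TAG_MAGIC;
    memcpy(raw, &magic, sizeof magic);
    live_blocks++;
    return raw + HDR;
}

static void tag_free(void *p) {
    if (p == NULL) return;
    live_blocks--;
    free((unsigned char *)p - HDR);
}

/* True if p carries the tagging allocator's header. Only valid for buffers
 * obtained while tag_malloc is installed. */
static int from_tag_allocator(const void *p) {
    uint32_t magic;
    memcpy(&magic, (const unsigned char *)p - HDR, sizeof magic);
    return magic == TAG_MAGIC;
}

/* Constructed sample input (a few DER-looking bytes, not a real structure). */
static const unsigned char sample[] = {0x30, 0x03, 0x02, 0x01, 0x05};
int sample_length(void) { return (int)sizeof sample; }

/* Encode with a NULL output pointer, as cms_signeddata_create does with abuf,
 * then release through the library's free hook. Returns the number of tagged
 * blocks still live (0 = released correctly, no leak), or -1 on any error. */
int encode_and_release(int use_tagging) {
    unsigned char *abuf = NULL;
    int len = sample_length();
    lib_set_mem_functions(use_tagging ? tag_malloc : NULL,
                          use_tagging ? tag_free : NULL);
    int n = lib_i2d(sample, len, &abuf);
    if (n < 0 || abuf == NULL) return -1;
    int ok = (n == len && memcmp(abuf, sample, (size_t)len) == 0);
    if (use_tagging && !from_tag_allocator(abuf)) ok = 0;
    lib_free(abuf);              /* matching release; free(abuf) would be wrong here */
    lib_set_mem_functions(NULL, NULL);
    return ok ? live_blocks : -1;
}

int main(void) {
    printf("default allocator: %d live\n", encode_and_release(0));
    printf("tagging allocator: %d live\n", encode_and_release(1));
    return 0;
}
```

The practical check this suggests is to confirm whether the application (or anything it links) installs custom memory functions; if it does, every buffer the library allocates must go back through the library's free, and a plain free() on it is a bug regardless of whether it produces a visible crash.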
