[krbdev.mit.edu #2786] dead code in init_common() causes malloc(0)
Chaskiel M Grundman via RT
rt-comment at krbdev.mit.edu
Fri Dec 3 18:32:15 EST 2004
init_common(), in 1.3.5, contains the following code:
    if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
        goto cleanup;
    ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count,
                                  sizeof(krb5_enctype));
    if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
        goto cleanup;
    memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
           sizeof(krb5_enctype) * ctx->tgs_ktype_count);
    ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
The problem is that calling krb5_set_default_tgs_ktypes with a second
parameter of NULL always results in ctx->tgs_ktype_count being set to 0, so
this block of code calls calloc(0, sizeof(krb5_enctype)) and
memcpy([something], [something else], 0), to no effect, other than to cause
problems with malloc implementations that do not like malloc(0).
In fact, there seems to be no reason for init_common() to call
krb5_set_default_in_tkt_ktypes() or krb5_set_default_tgs_ktypes() unless
those functions are going to eventually have functionality similar to
krb5_get_default_in_tkt_ktypes and krb5_get_tgs_ktypes when called with a
NULL enctype list.
At the very least, the calloc/memcpy should be wrapped in an 'if
(ctx->tgs_ktype_count) {}' block.
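The guarded copy the report asks for, written out as a stand-alone helper. This is an added illustration, not code from the MIT Kerberos tree: copy_enctype_list, the calloc_fn hook and strict_calloc are assumed names, and strict_calloc only models a libc that returns NULL for zero-sized requests so the zero-count path can be exercised without real malloc(0) behaviour.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for krb5_enctype (the real typedef is in krb5.h). */
typedef int krb5_enctype;

/* Hypothetical allocator hook so a malloc(0)-hostile libc can be simulated. */
typedef void *(*calloc_fn)(size_t nmemb, size_t size);

/*
 * Copy `count` enctypes from src into a freshly allocated buffer.
 * Returns 0 on success or ENOMEM if the allocator fails.
 * When count is 0 the allocator is never called: *out stays NULL and
 * *out_count stays 0, which is the case init_common() currently mishandles.
 */
int copy_enctype_list(const krb5_enctype *src, int count, calloc_fn alloc,
                      krb5_enctype **out, int *out_count)
{
    *out = NULL;
    *out_count = 0;
    if (count <= 0)
        return 0;               /* nothing to copy: skip calloc and memcpy */

    *out = alloc((size_t)count, sizeof(krb5_enctype));
    if (*out == NULL)
        return ENOMEM;          /* a real failure, not an empty list */

    memcpy(*out, src, sizeof(krb5_enctype) * (size_t)count);
    *out_count = count;
    return 0;
}

/*
 * Constructed allocator that refuses zero-sized requests, mimicking the
 * malloc implementations the report mentions; otherwise defers to calloc.
 */
void *strict_calloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;
    return calloc(nmemb, size);
}
```

Without the count guard, the same strict allocator would make the empty-list case indistinguishable from an allocation failure unless the caller re-checks the count, which is exactly the extra condition the quoted init_common() code carries.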