[krbdev.mit.edu #3002] malloc bug in ktutil_add()
The RT System itself via RT
rt-comment at krbdev.mit.edu
Tue Apr 5 14:25:01 EDT 2005
Date: Mon, 4 Apr 2005 16:21:15 -0500 (CDT)
Message-Id: <200504042121.j34LLFFO011970 at alton.central.sun.com>
To: krb5-bugs at mit.edu
From: william.fiveash at sun.com
>Submitter-Id: net
>Originator: William Fiveash
>Organization: Sun Microsystems Inc.
>Confidential: no
>Synopsis: malloc bug in ktutil_add()
>Severity: non-critical
>Priority: medium
>Category: krb5-admin
>Class:
>Release: 1.4
>Environment:
System: SunOS alton 5.10 Generic sun4u sparc SUNW,Sun-Blade-1000
Architecture: sun4
>Description:
In ktutil_add() I see (notice the malloc()s):
    if (!lp) {                  /* if list is empty, start one */
        lp = (krb5_kt_list) malloc(sizeof(krb5_kt_list));
        if (!lp) {
            return ENOMEM;
        }
    } else {
        lp->next = (krb5_kt_list) malloc(sizeof(krb5_kt_list));
        if (!lp->next) {
            return ENOMEM;
        }
        prev = lp;
        lp = lp->next;
    }
    lp->next = NULL;
    lp->entry = entry;
=====================================
Note that krb5_kt_list is:
    typedef struct _krb5_kt_list {
        struct _krb5_kt_list *next;
        krb5_keytab_entry *entry;
    } *krb5_kt_list;
So the malloc()s above are allocating a pointer (4 bytes) to struct
_krb5_kt_list (8 bytes) which is incorrect. The malloc should be:
    malloc(sizeof(struct _krb5_kt_list))
>How-To-Repeat:
Found through code inspection.
>Fix:
See description.
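
The allocation-size mismatch described in the report, as an added example that is not part of the original report or the MIT krb5 source. The `demo_*` names and the stand-in entry type are hypothetical; the list typedef has the same shape as the one quoted above, and the append routine sizes the node with `sizeof(*node)` so the request follows the struct rather than the pointer typedef.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for krb5_keytab_entry so the example builds without krb5 headers. */
typedef struct demo_entry { int kvno; } demo_entry;

/* Same shape as the typedef in the report: the typedef name is a POINTER type. */
typedef struct demo_kt_node {
    struct demo_kt_node *next;
    demo_entry *entry;
} *demo_kt_list;

/* Bytes requested by malloc(sizeof(list typedef)): the size of one pointer. */
size_t demo_reported_alloc_size(void) { return sizeof(demo_kt_list); }

/* Bytes one node actually occupies (two pointers). */
size_t demo_node_size(void) { return sizeof(struct demo_kt_node); }

/* Append entry at the tail of *head, allocating a full node.
 * sizeof(*node) is taken from the pointee type, so it stays correct
 * even if the struct gains members later. */
int demo_kt_append(demo_kt_list *head, demo_entry *entry)
{
    demo_kt_list node = malloc(sizeof(*node));
    if (node == NULL)
        return ENOMEM;
    node->next = NULL;
    node->entry = entry;
    while (*head != NULL)          /* walk to the tail's next slot */
        head = &(*head)->next;
    *head = node;
    return 0;
}

/* Free the nodes (not the entries); returns how many were released. */
size_t demo_kt_free(demo_kt_list head)
{
    size_t n = 0;
    while (head != NULL) {
        demo_kt_list next = head->next;
        free(head);
        head = next;
        n++;
    }
    return n;
}
```

With the pointer-sized request, the write to `lp->entry` lands past the end of the allocated block; building the original code with AddressSanitizer or running it under Valgrind reports that write as a heap overflow.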