[krbdev.mit.edu #2886] CVS Commit
Ezra Peisach via RT
rt-comment at krbdev.mit.edu
Mon Jan 17 12:32:33 EST 2005
subject; krb5_do_preauth could attempt to free NULL pointer.
* preauth2.c (krb5_do_preauth): Upon error in decoding
krb5_type_info{,2}, on failure, do not call krb5_free_type_info
with a null pointer.
The only way to reach this code is to set a preauth list requesting for ETYPE_INFO
or ETYPE_INFO2 in a call to krb5_get_in_tkt_with_password.
Before sending the request, krb5_do_preauth tries to parse a NULL length asn1 buffer,
fails and tries to free a null pointer.
To generate a diff of this commit:
cvs diff -r5.458 -r5.459 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.27 -r5.28 krb5/src/lib/krb5/krb/preauth2.c
More information about the krb5-bugs
mailing list