[krbdev.mit.edu #3714] incorrect memory allocation in send_tgs 1.4.1
Paul Moore via RT
rt-comment at krbdev.mit.edu
Tue May 2 16:46:54 EDT 2006
send_tgs.c accepts additional padata. If this is supplied to it then
there is an incorrect memory allocation
at line 230
for (counter = padata; *counter; counter++, i++);
combined_padata = (krb5_pa_data **)malloc(i+2);
should read
for (counter = padata; *counter; counter++, i++);
combined_padata = (krb5_pa_data **)malloc((i+2) *
sizeof(*combined_padata));
More information about the krb5-bugs
mailing list