[krbdev.mit.edu #7943] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Jun 27 14:52:03 EDT 2014
Fix error checking in PKINIT authdata creation
In create_identifiers_from_stack: check for allocation errors from
PKCS7_ISSUER_AND_SERIAL_new and M_ASN1_INTEGER_dup. Use
PKCS7_ISSUER_AND_SERIAL_free to more concisely clean up the OpenSSL
issuer variable, and make sure that any partially processed value is
cleaned up on error. Use calloc to allocate krb5_cas so that all of
its pointers are initially nulled, so that
free_krb5_external_principal_identifier can operate on it safely in
case of error. Eliminate the retval variable as it was not used
safely. Rename the error label from "cleanup" to "oom" and separate
it from the successful return path (which has nothing to clean up).
(back ported from commit 09246e64e20f079bef6163e9e1d0ecda7917b8c2)
https://github.com/krb5/krb5/commit/62c9e504261a07b8da297854c9fc9549acecc7d3
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 62c9e504261a07b8da297854c9fc9549acecc7d3
Branch: krb5-1.12
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 51 +++++++++----------
1 files changed, 24 insertions(+), 27 deletions(-)
More information about the krb5-bugs
mailing list