[krbdev.mit.edu #8107] git commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Fri Feb 6 18:11:51 EST 2015


Fix unlikely null dereference in mk_cred()

If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail.  Remove that logic.

Based on a patch from Jatin Nansi.

(cherry picked from commit 476284de8dc9a52b5544445cb1b316a417ae88f0)

https://github.com/krb5/krb5/commit/cb819b0dfcaecb7989c4a0cfe7d9da039545576b
Author: Nalin Dahyabhai <nalin at redhat.com>
Committer: Tom Yu <tlyu at mit.edu>
Commit: cb819b0dfcaecb7989c4a0cfe7d9da039545576b
Branch: krb5-1.11
 src/lib/krb5/krb/mk_cred.c |    7 -------
 1 files changed, 0 insertions(+), 7 deletions(-)
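
The failure state described in the commit message, as an added example that is not part of the commit or of krb5. struct blob, helper_encrypt(), cleanup_would_deref_null() and caller_fixed() are hypothetical names, and the helper is assumed to reset its pointer to NULL after freeing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a ciphertext buffer (not the krb5 type). */
struct blob {
    size_t length;
    unsigned char *data;
};

/* Hypothetical helper modelled on the commit message: on failure it frees
 * its own buffer but leaves the length it already recorded.
 * Assumption: it also resets the pointer to NULL. */
static int helper_encrypt(struct blob *out, size_t n, int fail)
{
    out->length = n;
    out->data = malloc(n);
    if (out->data == NULL)
        return -1;
    memset(out->data, 0xAA, n);     /* constructed placeholder ciphertext */
    if (fail) {
        free(out->data);
        out->data = NULL;           /* length is still n */
        return -1;
    }
    return 0;
}

/* True when caller-side "memset(data, 0, length); free(data);" cleanup
 * would write through a null pointer. */
static int cleanup_would_deref_null(const struct blob *b)
{
    return b->data == NULL && b->length != 0;
}

/* Caller after the fix: propagate the error and leave the buffer alone,
 * because the helper already released what it allocated. */
static int caller_fixed(struct blob *out, size_t n, int fail)
{
    return helper_encrypt(out, n, fail);
}

int main(void)
{
    struct blob b = { 0, NULL };
    int ret = caller_fixed(&b, 16, 1);
    printf("ret=%d length=%zu data=%p unsafe_cleanup=%d\n",
           ret, b.length, (void *)b.data, cleanup_would_deref_null(&b));
    return 0;
}
```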


