Fix uninitialized pointer dereference in libkrad
Commit
871125fea8ce0370a972bf65f7d1de63f619b06c changed
krad_packet_decode_request() to use a local variable "req" to hold the
decoded packet until it is verified, instead of immediately storing
into the caller's *reqpkt. The code to check for duplicate packets
erroneously continues to use *reqpkt, causing a read dereference of
whatever was in *reqpkt on entry to the function (typically null or an
uninitialized value). Fix the code to use req instead of *reqpkt.
This bug does not affect the KDC (which only uses libkrad as a
client), but can crash external software using libkrad as a server if
it ever processes more than one packet at a time.
[ghudson@mit.edu: edited commit message]
ticket: 9193 (new)
tags: pullup
target_version: 1.22-next
projects / thirdparty / krb5.git / commit
