]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 09c9b7d)
Fix double free in kdc hammer
authorRobbie Harwood <rharwood@redhat.com>
Tue, 3 Oct 2017 19:01:55 +0000 (15:01 -0400)
committerGreg Hudson <ghudson@mit.edu>
Fri, 22 Jun 2018 01:46:24 +0000 (21:46 -0400)
If kdc5_hammer.c:krb5_string_to_key() fails, we didn't NULL out key
before returning it, leading to potential double-free.

src/tests/hammer/kdc5_hammer.c patch | blob | blame | history

diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c
index efb4271e587c5162e6557a34a46156ed6b21cf05..086c21d1ce3eed66100357b21e6d448a3c5af515 100644 (file)
--- a/src/tests/hammer/kdc5_hammer.c
+++ b/src/tests/hammer/kdc5_hammer.c
@@ -283,6 +283,8 @@ get_server_key(context, server, enctype, key)
     krb5_data salt;
     krb5_data pwd;
 
+    *key = NULL;
+
     if ((retval = krb5_principal2salt(context, server, &salt)))
        return retval;
 
@@ -294,8 +296,11 @@ get_server_key(context, server, enctype, key)
 
     if ((*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)))) {
        krb5_use_enctype(context, &eblock, enctype);
-       if ((retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt)))
+       retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt);
+       if (retval) {
            free(*key);
+           *key = NULL;
+       }
     } else
         retval = ENOMEM;
 
Mirror of https://github.com/krb5/krb5.git