]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b272744)
Fix unlikely null dereference in TGS client code
authorNeng Xue <xnsuda@yahoo.com>
Mon, 30 Jun 2014 21:04:56 +0000 (14:04 -0700)
committerGreg Hudson <ghudson@mit.edu>
Mon, 30 Jun 2014 22:23:04 +0000 (18:23 -0400)
If krb5_get_tgs_ktypes fails (due to an out-of-memory condition or an
error re-reading the profile), k5_make_tgs_req will dereference a null
pointer.  Check the return value before dereferencing defenctypes.

[ghudson@mit.edu: clarified commit message]

ticket: 7952 (new)
target_version: 1.12.2
tags: pullup

src/lib/krb5/krb/send_tgs.c patch | blob | blame | history

diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index cd56366cb2bacf918b43625fa801256807dcc614..f6fdf68d4725e867e9954f3787f36d15dc5d2066 100644 (file)
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -198,7 +198,9 @@ k5_make_tgs_req(krb5_context context,
         req.nktypes = 1;
     } else {
         /* Get the default TGS enctypes. */
-        krb5_get_tgs_ktypes(context, desired->server, &defenctypes);
+        ret = krb5_get_tgs_ktypes(context, desired->server, &defenctypes);
+        if (ret)
+            goto cleanup;
         for (count = 0; defenctypes[count]; count++);
         req.ktype = defenctypes;
         req.nktypes = count;
Mirror of https://github.com/krb5/krb5.git