git.ipfire.org Git - thirdparty/krb5.git/commitdiff
Improve cleanup in krb5_rc_io_fetch() 573/head
author Greg Hudson <ghudson@mit.edu>
Fri, 2 Dec 2016 16:10:52 +0000 (11:10 -0500)
committer Greg Hudson <ghudson@mit.edu>
Tue, 6 Dec 2016 15:52:08 +0000 (10:52 -0500)
In the error cleanup for krb5_rc_io_fetch(), null out rep->msghash
after freeing it, like we do with rep->client and rep->server.  This
omission is currently harmless because krb5_rc_io_fetch() never sets
rep->msghash before failing, but it could result in a double-free or
use after free if the code changes.

src/lib/krb5/rcache/rc_dfl.c

index c4d2c744da402410159e70369567fdcd25b85a35..80c22ae2dfa295ed458958d31d064e9e9ce94e27 100644 (file)
@@ -517,7 +517,7 @@ errout:
         free(rep->server);
     if (rep->msghash)
         free(rep->msghash);
-    rep->client = rep->server = 0;
+    rep->client = rep->server = rep->msghash = NULL;
     return retval;
 }
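
Review bot: The `if (rep->msghash)` guard kept as context just above the changed line at errout is redundant, because free() is a no-op on a null pointer; the same applies to any matching guard on `free(rep->server)`. Since this change is a cleanup of that block anyway, consider calling free() unconditionally on each field and then doing the combined reset, which shortens the error path and makes it harder for a later edit to free a field without clearing it. Switching the reset from `0` to `NULL` is a good readability change for pointer fields. A short comment at errout saying that rep must be left with no dangling pointers, because the caller may free it again, would record the intent the commit message describes.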