From 24452cd737951fa6e0f35e97c6a644a9db0aa82d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 9 May 2016 13:45:06 -0400 Subject: [PATCH] Fix unlikely pointer error in get_in_tkt.c In add_padata(), reset the caller's pointer and ensure the list is terminated as soon as realloc() succeeds; otherwise, the old pointer could be left behind if a later allocation fails. ticket: 8413 (new) target_version: 1.14-next target_version: 1.13-next tags: pullup --- src/lib/krb5/krb/get_in_tkt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 37f29ccffa..24cd97072d 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -344,10 +344,11 @@ add_padata(krb5_pa_data ***padptr, krb5_preauthtype pa_type, if (pad) for (size=0; pad[size]; size++); pad = realloc(pad, sizeof(*pad)*(size+2)); - if (pad == NULL) return ENOMEM; - pad[size+1] = NULL; + *padptr = pad; + pad[size] = pad[size + 1] = NULL; + pa = malloc(sizeof(krb5_pa_data)); if (pa == NULL) return ENOMEM; @@ -363,7 +364,6 @@ add_padata(krb5_pa_data ***padptr, krb5_preauthtype pa_type, } pa->pa_type = pa_type; pad[size] = pa; - *padptr = pad; return 0; } -- 2.47.2