Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: tlyu@mit.edu Subject: SVN Commit RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 896 pull up r19195 from trunk r19195@cathode-dark-space: jaltman | 2007-02-28 20:49:11 -0500 ticket: new subject: krb5_get_cred_from_kdc fails to null terminate the tgt list tags: pullup if the next tgt in a cross-realm traversal cannot be obtained find_nxt_kdc() was calling krb5_free_creds() on the last tgt in the list but was failing to nullify the pointer to the cred that was just freed. if there were no additional tgts obtained, krb5_get_cred_from_kdc() would return a non-NULL terminated cred list to the caller. This would result in a crash when attempting to manipulate the non-existent cred past the end of the list. This commit nullifies the credential pointer in find_nxt_kdc() after the call to krb5_free_creds() Commit By: tlyu Revision: 19197 Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/krb/gc_frm_kdc.c