Subject: improper malloc() handling in process_chpw_request()

In src/kadmin/server/schpw.c:process_chpw_request():

    chpwfail:
        clear.length = 2 + strlen(strresult);
        clear.data = (char *) malloc(clear.length);
        ptr = clear.data;
        *ptr++ = (numresult>>8) & 0xff;

If malloc() fails, *ptr++ will be a NULL pointer deref.
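
One way to guard the allocation described in the report, as an added example that is not the project's code or a patch from its authors. The struct `result_buf`, the allocator hook `alloc_fn`, `failing_alloc` and `build_result_payload` are hypothetical names; writing the low byte and copying the string are assumed from the `2 + strlen(strresult)` length, since the report shows only the first byte being written.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the length/data pair ("clear") in the report. */
struct result_buf {
    size_t length;
    char *data;
};

/* Allocator hook (assumption) so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t);

/* Always-failing allocator, simulating malloc() returning NULL. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/*
 * Build "2-byte big-endian result code + result string".
 * Returns 0 on success, ENOMEM if allocation fails. On failure the
 * output is left empty, so a caller cannot dereference or free a
 * stale pointer.
 */
static int build_result_payload(alloc_fn alloc, int numresult,
                                const char *strresult,
                                struct result_buf *out)
{
    size_t slen = strlen(strresult);
    char *ptr;

    out->length = 0;
    out->data = NULL;

    ptr = alloc(2 + slen);
    if (ptr == NULL)
        return ENOMEM;      /* the check missing in the reported code */

    out->data = ptr;
    out->length = 2 + slen;
    *ptr++ = (char)((numresult >> 8) & 0xff);   /* high byte, as reported */
    *ptr++ = (char)(numresult & 0xff);          /* low byte (assumed) */
    memcpy(ptr, strresult, slen);               /* string copy (assumed) */
    return 0;
}
```

Because this code already runs on an error path, the caller needs a fallback that does not itself allocate, such as dropping the reply and releasing what it holds.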