Hi,
There is a null pointer dereference in function CLeashApp::GetProfileFile() in Leash.cpp.
// Excerpt of Leash.cpp as quoted in the report; the leading numbers are the
// file's line numbers.
//
// Writes a krb5 configuration file path into confname, a caller-supplied
// buffer of szConfname bytes: the first entry of the list returned by
// pkrb5_get_default_config_files(), or "<Windows directory>\KRB5.INI" when the
// call fails or no name was copied.
//
// Every exit returns 0 (NULL at line 1025, FALSE at 1033 and 1053), so the
// return value does not tell the caller which path was taken.
//
// NOTE(review): szConfname is a UINT, so szConfname-1 wraps if a caller passes
// 0; the function appears to assume szConfname >= 1 - confirm against callers.
1017 BOOL
1018 CLeashApp::GetProfileFile(
1019     LPSTR confname,
1020     UINT szConfname
1021     )
1022 {
1023     char **configFile = NULL;
         // Without the krb5 DLL handle the function returns before writing to
         // confname, so the buffer keeps whatever the caller left in it.
1024     if (!m_hKrb5DLL)
1025         return NULL;
1026
         // A non-zero result is treated as failure: fall back to the Windows
         // directory.
1027     if (pkrb5_get_default_config_files(&configFile))
1028     {
             // The GetWindowsDirectory result is not checked before strlen()
             // reads confname on line 1031.
1029         GetWindowsDirectory(confname,szConfname);
1030         confname[szConfname-1] = '\0';
             // NOTE(review): strncat's count excludes the terminating NUL it
             // appends, so passing the full remaining size can write one byte
             // past the buffer when fewer than 10 bytes remain; the usual bound
             // is szConfname - strlen(confname) - 1.
1031         strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
1032         confname[szConfname-1] = '\0';
1033         return FALSE;
1034     }
1035
1036     *confname = 0;
1037
         // Guards only the list pointer, not its first element.
1038     if (configFile)
1039     {
             // Reported defect: for an empty list *configFile is NULL and is
             // passed to strncpy as the source string.
1040         strncpy(confname, *configFile, szConfname);
             // strncpy does not terminate when the source fills the buffer.
1041         confname[szConfname-1] = '\0';
1042         pkrb5_free_config_files(configFile);
1043     }
1044
         // Nothing was copied (configFile was NULL or its first name was
         // empty): use the same fallback as above.
1045     if (!*confname)
1046     {
1047         GetWindowsDirectory(confname,szConfname);
1048         confname[szConfname-1] = '\0';
             // Same strncat bound as line 1031.
1049         strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
1050         confname[szConfname-1] = '\0';
1051     }
1052
1053     return FALSE;
1054 } |
If krb5_get_default_config_files() returns success and an empty list, then GetProfileFile() will attempt to dereference a null pointer: at line 1040 `*configFile` is NULL and is passed to strncpy() as the source. The fix is to check for the empty list and treat it as failure.
Below is the proposed patch for function CLeashApp::GetProfileFile().
- if (pkrb5_get_default_config_files(&configFile))
+ if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
  {
  GetWindowsDirectory(confname,szConfname);
  confname[szConfname-1] = '\0'; |
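Review bot: The added `!configFile[0]` test in the changed `if` reads through `configFile` without first checking the pointer itself, although the unpatched function later guards with `if (configFile)`, which suggests a successful call that leaves the list pointer NULL was considered possible; in that case the patch would move the null dereference rather than remove it. The condition could read `if (pkrb5_get_default_config_files(&configFile) || !configFile || !configFile[0])`. When the call succeeds with an empty list, this branch returns (per the quoted listing) without reaching `pkrb5_free_config_files(configFile)`, so the list is presumably leaked; adding `if (configFile) pkrb5_free_config_files(configFile);` before the `return FALSE;` would cover that, assuming a failed call leaves `configFile` NULL as initialised. The hunk shows only the first lines of the branch; the rest of the function is outside it.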
Young