
Hi,

There is a null pointer dereference in function CLeashApp::GetProfileFile() in Leash.cpp.

BOOL
CLeashApp::GetProfileFile(
    LPSTR confname,
    UINT szConfname
    )
{
    char **configFile = NULL;
    if (!m_hKrb5DLL)
        return NULL;

    if (pkrb5_get_default_config_files(&configFile))
    {
        GetWindowsDirectory(confname,szConfname);
        confname[szConfname-1] = '\0';
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
        confname[szConfname-1] = '\0';
        return FALSE;
    }

    *confname = 0;

    if (configFile)
    {
        strncpy(confname, *configFile, szConfname);
        confname[szConfname-1] = '\0';
        pkrb5_free_config_files(configFile);
    }

    if (!*confname)
    {
        GetWindowsDirectory(confname,szConfname);
        confname[szConfname-1] = '\0';
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
        confname[szConfname-1] = '\0';
    }

    return FALSE;
}

If krb5_get_default_config_files() returns success and an empty list, then GetProfileFile() will attempt to dereference a null pointer. Check for the empty list and treat it as failure.

Below is the proposed patch for function CLeashApp::GetProfileFile().

-        if (pkrb5_get_default_config_files(&configFile))
+        if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
         {
             GetWindowsDirectory(confname,szConfname);
             confname[szConfname-1] = '\0';
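
Review bot: The added test !configFile[0] indexes configFile without first checking that the pointer itself is non-NULL, while the unchanged code further down in the function still guards with if (configFile); if a successful call can leave configFile NULL, the new condition is itself a null dereference, so consider "|| !configFile || !configFile[0]". In addition, when the call succeeds with an empty list, this branch returns FALSE without reaching pkrb5_free_config_files(configFile), so the list should be freed before the early return.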

Young
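
The success-with-empty-list case described in the message above, as an added, portable example that is not code from Leash.cpp or from the author. The stub_* functions, the enum values and both paths are hypothetical stand-ins for the krb5 and Windows calls; it checks the status, the array pointer and the first entry before use, and frees the list on every path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FALLBACK "C:\\WINDOWS\\KRB5.INI"     /* constructed; stands in for GetWindowsDirectory() + "\\KRB5.INI" */
#define SAMPLE   "C:\\ProgramData\\krb5.ini" /* constructed sample path */
enum { FAIL, OK_NULL, OK_EMPTY, OK_ONE };    /* hypothetical stub outcomes */

/* Hypothetical stub: 0 = success, *out = NULL-terminated heap array or NULL. */
static int stub_get_config_files(int mode, char ***out)
{
    *out = NULL;
    if (mode == FAIL) return 1;
    if (mode == OK_NULL) return 0;
    char **list = calloc(2, sizeof *list);   /* {NULL, NULL} is the empty list */
    if (!list) return 1;
    if (mode == OK_ONE && (list[0] = malloc(sizeof SAMPLE)) != NULL)
        strcpy(list[0], SAMPLE);
    *out = list;
    return 0;
}
static void stub_free_config_files(char **list)
{
    for (char **p = list; p && *p; p++) free(*p);
    free(list);
}
/* Returns 1 if confname came from the list, 0 if the fallback was used. */
static int get_profile_file(int mode, char *confname, size_t sz)
{
    char **files = NULL;
    int from_list = 0;
    if (!confname || sz == 0) return 0;
    /* Check the status, the array pointer and the first entry before use. */
    if (stub_get_config_files(mode, &files) == 0 && files && files[0]) {
        snprintf(confname, sz, "%s", files[0]);   /* always NUL-terminates */
        from_list = 1;
    }
    stub_free_config_files(files);                /* also frees an empty list */
    if (!from_list)
        snprintf(confname, sz, "%s", FALLBACK);
    return from_list;
}

int main(void)
{
    char buf[64];
    for (int m = FAIL; m <= OK_ONE; m++)
        printf("mode %d -> from_list=%d path=%s\n", m, get_profile_file(m, buf, sizeof buf), buf);
    return 0;
}
```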