Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 2306

From tlyu@MIT.EDU Tue Sep 24 19:52:02 1996
Received: from dragons-lair.MIT.EDU (DRAGONS-LAIR.MIT.EDU [18.177.1.200]) by avalanche-breakdown.MIT.EDU (8.7.5/8.7.3) with SMTP id TAA20319 for ; Tue, 24 Sep 1996 19:52:01 -0400
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by dragons-lair.MIT.EDU (8.6.13/8.6.9) with SMTP id TAA13613 for ; Tue, 24 Sep 1996 19:52:00 -0400
Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP id AA22162; Tue, 24 Sep 96 19:51:59 EDT
Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA28096; Tue, 24 Sep 1996 19:51:53 -0400
Message-Id: <9609242351.AA28096@tesla-coil.MIT.EDU>
Date: Tue, 24 Sep 1996 19:51:53 -0400
From: tlyu@MIT.EDU
Reply-To: tlyu@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: uninitialized memory in k5b6 get_in_tkt.c
X-Send-Pr-Version: 3.99

>Number: 23
>Category: krb5-libs
>Synopsis: uninitialized memory in k5b6 get_in_tkt.c
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tytso
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Sep e 19:55:01 EDT 1996
>Last-Modified: Tue Sep e 21:05:39 EDT 1996
>Originator: Tom Yu
>Organization: mit
>Release: unknown-1.0
>Environment:
System: SunOS tesla-coil 5.4 Generic_101945-37 sun4m sparc
>Description:
Date: Wed, 11 Sep 1996 18:59:51 -0400
From: Bill Sommerfeld

get_in_tkt.c::make_preauth_list() allocates an array of N+1 (krb5_pa_data*)'s for the usual NULL-terminated array of pointers structure used throughout krb5, but never actually NULL-terminates the array.
>How-To-Repeat:
>Fix:
The following excerpt from a context diff shows where the fix should go..
(*preauthp)->pa_type = *ptypep; (*preauthp)->length = 0; (*preauthp)->contents = 0; } + *preauthp = NULL; *ret_list = preauth_to_use; return 0; } >Audit-Trail: Responsible-Changed-From-To: krb5-unassigned->tytso Responsible-Changed-By: tytso Responsible-Changed-When: Tue Sep 24 21:04:10 1996 Responsible-Changed-Why: I'm in charge here! State-Changed-From-To: open-closed State-Changed-By: tytso State-Changed-When: Tue Sep 24 21:05:01 1996 State-Changed-Why: problem fixed. >Unformatted:
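
Review bot: the added `*preauthp = NULL;` after the loop's closing brace only terminates the list if `preauthp` has already been advanced past the last filled slot when the loop exits. The loop header is not part of this excerpt, so that should be confirmed: if the pointer still refers to the last filled element, the store would overwrite that entry's pointer (leaking it) and leave the final slot uninitialised. A short comment on the added line stating that it writes the N+1th slot would help, and zero-filling the array at allocation time would make the terminator hold by construction even if the loop is changed later.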
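
The omission described in the report, next to the one-line fix, as an added example that is not part of the original report or of the krb5 source. `pa_data`, `build_list`, `count_entries` and `free_list` are hypothetical names, and the 0xAA fill is a constructed stand-in for stale heap contents so the outcome is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for krb5_pa_data: only the fields in the excerpt. */
typedef struct { int pa_type; unsigned int length; unsigned char *contents; } pa_data;

/* Hypothetical builder modelled on the report: n entries in n+1 slots.
 * The 0xAA fill models stale bytes that malloc() may return.
 * terminate=0 is the reported omission, terminate=1 applies the fix. */
pa_data **build_list(const int *types, size_t n, int terminate)
{
    pa_data **list = malloc((n + 1) * sizeof(*list)), **p = list;
    if (list == NULL) return NULL;
    memset(list, 0xAA, (n + 1) * sizeof(*list));
    for (size_t i = 0; i < n; i++, p++) {
        if ((*p = malloc(sizeof(**p))) == NULL) {  /* unwind on failure */
            while (p > list) free(*--p);
            free(list);
            return NULL;
        }
        (*p)->pa_type = types[i];
        (*p)->length = 0;
        (*p)->contents = NULL;
    }
    if (terminate) *p = NULL;                      /* p points at slot n here */
    return list;
}
/* Bounded walk: entry count, or -1 if no NULL lies within cap slots. */
long count_entries(pa_data *const *list, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (list[i] == NULL) return (long)i;
    return -1;
}
/* Frees by explicit count, since the list may lack its terminator. */
void free_list(pa_data **list, size_t n)
{
    while (n > 0) free(list[--n]);
    free(list);
}

int main(void)
{
    const int types[] = { 1, 2, 3 };               /* constructed sample types */
    pa_data **bad = build_list(types, 3, 0), **good = build_list(types, 3, 1);
    if (bad == NULL || good == NULL) return 1;
    printf("unterminated: %ld, terminated: %ld\n", count_entries(bad, 4), count_entries(good, 4));
    free_list(bad, 3); free_list(good, 3);
    return 0;
}
```

A consumer that loops until it sees NULL has no `cap` argument, so on the unterminated list it keeps reading past the allocation; the bounded walk makes that condition visible as -1.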