From tlyu@MIT.EDU Tue Sep 24 19:52:02 1996
Received: from dragons-lair.MIT.EDU (DRAGONS-LAIR.MIT.EDU [18.177.1.200]) by avalanche-breakdown.MIT.EDU (8.7.5/8.7.3) with SMTP id TAA20319 for <bugs@AVALANCHE-BREAKDOWN.MIT.EDU>; Tue, 24 Sep 1996 19:52:01 -0400
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by dragons-lair.MIT.EDU (8.6.13/8.6.9) with SMTP id TAA13613 for <krb5-bugs@dragons-lair.mit.edu>; Tue, 24 Sep 1996 19:52:00 -0400
Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP
id AA22162; Tue, 24 Sep 96 19:51:59 EDT
Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA28096; Tue, 24 Sep 1996 19:51:53 -0400
Message-Id: <9609242351.AA28096@tesla-coil.MIT.EDU>
Date: Tue, 24 Sep 1996 19:51:53 -0400
From: tlyu@MIT.EDU
Reply-To: tlyu@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: uninitialized memory in k5b6 get_in_tkt.c
X-Send-Pr-Version: 3.99
>Number: 23
>Category: krb5-libs
>Synopsis: uninitialized memory in k5b6 get_in_tkt.c
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tytso
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Sep 24 19:55:01 EDT 1996
>Last-Modified: Tue Sep 24 21:05:39 EDT 1996
>Originator: Tom Yu
>Organization:
mit
>Release: unknown-1.0
>Environment:
System: SunOS tesla-coil 5.4 Generic_101945-37 sun4m sparc
>Description:
Date: Wed, 11 Sep 1996 18:59:51 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
get_in_tkt.c::make_preauth_list() allocates an array of N+1
(krb5_pa_data*)'s for the usual NULL-terminated array of pointers
structure used throughout krb5, but never actually NULL-terminates the
array.
>How-To-Repeat:
>Fix:
The following excerpt from a context diff shows where the fix should go..
(*preauthp)->pa_type = *ptypep;
(*preauthp)->length = 0;
(*preauthp)->contents = 0;
}
+ *preauthp = NULL;
*ret_list = preauth_to_use;
return 0;
}
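Review bot: the added `*preauthp = NULL;` after the loop's closing brace writes the terminator only on the success path, and it lands in the last slot only if the loop has advanced preauthp exactly once per entry. The loop header and the allocation are outside this excerpt, so that should be checked against the N+1 allocation the description mentions. Zero-filling the array when it is allocated (calloc, or a memset right after malloc) would keep the list terminated on every path, including any early return from inside the loop, and a short comment on this line saying that it writes the list terminator would help the next reader.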
>Audit-Trail:
Responsible-Changed-From-To: krb5-unassigned->tytso
Responsible-Changed-By: tytso
Responsible-Changed-When: Tue Sep 24 21:04:10 1996
Responsible-Changed-Why: I'm in charge here!
State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Tue Sep 24 21:05:01 1996
State-Changed-Why: problem fixed.
>Unformatted:
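
The bug class described in this report, as an added example that is not part of the original report or the krb5 source: an N+1 slot pointer array built with and without its terminator, checked by a bounded walk. The names `pa_entry`, `make_list`, `free_n` and `count_entries` are hypothetical, and the `stale` object is a constructed stand-in for whatever malloc leaves in the last slot.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for krb5_pa_data; not the krb5 definition. */
struct pa_entry { int pa_type; unsigned int length; unsigned char *contents; };
static struct pa_entry stale; /* constructed: models leftover heap data in slot N */

/* Free the first n entries and the array, without relying on a terminator. */
void free_n(struct pa_entry **list, size_t n)
{
    while (n > 0) free(list[--n]);
    free(list);
}

/* Build an N+1 slot array. terminate=0 reproduces the reported omission,
 * terminate=1 writes the terminator as the fix in the report does. */
struct pa_entry **make_list(const int *types, size_t n, int terminate)
{
    struct pa_entry **list = malloc((n + 1) * sizeof(*list));
    struct pa_entry **p = list;
    if (list == NULL) return NULL;
    list[n] = &stale; /* malloc does not zero memory; model that deterministically */
    for (size_t i = 0; i < n; i++, p++) {
        if ((*p = malloc(sizeof(**p))) == NULL) {
            free_n(list, i);
            return NULL;
        }
        (*p)->pa_type = types[i];
        (*p)->length = 0;
        (*p)->contents = NULL;
    }
    if (terminate) *p = NULL; /* p has advanced to slot N */
    return list;
}

/* Entries before the NULL terminator, or -1 if none within `slots` slots. */
long count_entries(struct pa_entry *const *list, size_t slots)
{
    for (size_t i = 0; i < slots; i++)
        if (list[i] == NULL)
            return (long)i;
    return -1;
}

int main(void)
{
    const int types[] = {2, 1, 3}; /* constructed sample preauth types */
    struct pa_entry **bad = make_list(types, 3, 0), **good = make_list(types, 3, 1);
    if (!bad || !good) return 1;
    printf("no terminator: %ld, terminated: %ld\n", count_entries(bad, 4), count_entries(good, 4));
    free_n(bad, 3); free_n(good, 3);
}
```

A consumer that walks the list without a bound, as NULL-terminated arrays are normally walked, would read past the allocation in the unterminated case instead of getting -1.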