Skip Menu |
 

Date: Fri, 03 Dec 2004 00:05:03 -0500
From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>
To: krb5-bugs@mit.edu
Subject: dead code in init_common() causes malloc(0)
Download (untitled) / with headers
text/plain 1.2KiB
init_common(), in 1.3.5, contains the following code:

if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
goto cleanup;

ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count,
sizeof(krb5_enctype));
if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
goto cleanup;
memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
sizeof(krb5_enctype) * ctx->tgs_ktype_count);
ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;


The problem is that calling krb5_set_default_tgs_ktypes with a second
parameter of NULL always results in ctx->tgs_ktype_count being set to 0, so
this block of code calls calloc(0, sizeof(krb5_enctype)) and
memcpy([something], [something else], 0), to no effect, other than to cause
problems with malloc implementations that do not like malloc(0)

In fact, there seems to be no reason for init_common() to call
krb5_set_default_in_tkt_ktypes() or krb5_set_default_tgs_ktypes() unless
those functions are going to eventually having functionality similar to
krb5_get_default_in_tkt_ktypes and krb5_get_tgs_ktypes when called with a
NULL enctype list.

At the very least, the calloc/memcpy should be wrapped in a 'if
(ctx->tgs_ktype_count) {}' block
Download (untitled)
application/pkcs7-signature 3.6KiB

Message body not shown because it is not plain text.

Cc: krb5-prs@mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #2786] dead code in init_common() causes malloc(0)
Date: Fri, 3 Dec 2004 21:19:03 -0500
To: rt@krbdev.mit.edu
RT-Send-Cc:
I don't think the code is doing anything actually invalid according to
the C-1990 spec (which we're assuming compliance to). It allows
malloc(0) calls (returning either NULL or a unique pointer), and memcpy
shouldn't be reading or storing anything if the length is zero.

Nevertheless, if it's always a null pointer and zero length, it is kind
of silly for us to have those calls there.

Ken
From: raeburn@mit.edu
Subject: CVS Commit
Since it appears we don't actually set the conf_tgs_ktypes field except in this
initial allocation of zero elements, it can be deleted, along with
conf_tgs_ktypes_count and the associated code...

Commit By: raeburn



Revision: 18105
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/krb/init_ctx.c