Date: | Fri, 03 Dec 2004 00:05:03 -0500 |
From: | Chaskiel M Grundman <cg2v@andrew.cmu.edu> |
To: | krb5-bugs@mit.edu |
Subject: | dead code in init_common() causes malloc(0) |
init_common(), in 1.3.5, contains the following code:
if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
goto cleanup;
ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count,
sizeof(krb5_enctype));
if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
goto cleanup;
memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
sizeof(krb5_enctype) * ctx->tgs_ktype_count);
ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
The problem is that calling krb5_set_default_tgs_ktypes with a second
parameter of NULL always results in ctx->tgs_ktype_count being set to 0, so
this block of code calls calloc(0, sizeof(krb5_enctype)) and
memcpy([something], [something else], 0), to no effect, other than to cause
problems with malloc implementations that do not like malloc(0)
In fact, there seems to be no reason for init_common() to call
krb5_set_default_in_tkt_ktypes() or krb5_set_default_tgs_ktypes() unless
those functions are going to eventually having functionality similar to
krb5_get_default_in_tkt_ktypes and krb5_get_tgs_ktypes when called with a
NULL enctype list.
At the very least, the calloc/memcpy should be wrapped in a 'if
(ctx->tgs_ktype_count) {}' block
if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
goto cleanup;
ctx->conf_tgs_ktypes = calloc(ctx->tgs_ktype_count,
sizeof(krb5_enctype));
if (ctx->conf_tgs_ktypes == NULL && ctx->tgs_ktype_count != 0)
goto cleanup;
memcpy(ctx->conf_tgs_ktypes, ctx->tgs_ktypes,
sizeof(krb5_enctype) * ctx->tgs_ktype_count);
ctx->conf_tgs_ktypes_count = ctx->tgs_ktype_count;
The problem is that calling krb5_set_default_tgs_ktypes with a second
parameter of NULL always results in ctx->tgs_ktype_count being set to 0, so
this block of code calls calloc(0, sizeof(krb5_enctype)) and
memcpy([something], [something else], 0), to no effect, other than to cause
problems with malloc implementations that do not like malloc(0)
In fact, there seems to be no reason for init_common() to call
krb5_set_default_in_tkt_ktypes() or krb5_set_default_tgs_ktypes() unless
those functions are going to eventually having functionality similar to
krb5_get_default_in_tkt_ktypes and krb5_get_tgs_ktypes when called with a
NULL enctype list.
At the very least, the calloc/memcpy should be wrapped in a 'if
(ctx->tgs_ktype_count) {}' block
Message body not shown because it is not plain text.