From: epeisach@mit.edu
Subject: CVS Commit
subject; krb5_do_preauth could attempt to free NULL pointer.
* preauth2.c (krb5_do_preauth): Upon error in decoding
krb5_type_info{,2}, on failure, do not call krb5_free_type_info
with a null pointer.
The only way to reach this code is to set a preauth list requesting ETYPE_INFO
or ETYPE_INFO2 in a call to krb5_get_in_tkt_with_password.
Before sending the request, krb5_do_preauth tries to parse a NULL length asn1 buffer,
fails and tries to free a null pointer.
To generate a diff of this commit:
cvs diff -r5.458 -r5.459 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.27 -r5.28 krb5/src/lib/krb5/krb/preauth2.c
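
The error path this commit describes, as an added example that is not the krb5 source: a decoder that fails on a zero-length buffer leaves its output pointer NULL, so the caller must not hand that pointer to the list-freeing routine. All names (`info_entry`, `decode_info`, `free_info`, `process_info`) are hypothetical, and the example assumes the free routine walks a NULL-terminated array without checking its argument.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical stand-in for an etype-info entry; not the krb5 type. */
typedef struct { int etype; } info_entry;

/* Frees a NULL-terminated array of entries. Assumption for this example:
 * it expects a non-NULL argument and would dereference NULL otherwise. */
static void free_info(info_entry **list) {
    for (size_t i = 0; list[i] != NULL; i++)
        free(list[i]);
    free(list);
}

/* Toy decoder: one entry per input byte. Fails on an empty buffer and
 * leaves *out NULL, as a decoder does when handed zero-length data. */
static int decode_info(const unsigned char *buf, size_t len, info_entry ***out) {
    *out = NULL;
    if (buf == NULL || len == 0)
        return -1;
    info_entry **list = calloc(len + 1, sizeof *list);
    if (list == NULL)
        return -1;
    for (size_t i = 0; i < len; i++) {
        list[i] = malloc(sizeof **list);
        if (list[i] == NULL) { free_info(list); return -1; }
        list[i]->etype = buf[i];
    }
    *out = list;
    return 0;
}

/* Caller in the fixed shape: on decode failure return at once and never
 * pass the still-NULL list to free_info(). The pre-fix shape called
 * free_info(list) on this path as well. Returns the entry count or -1. */
static int process_info(const unsigned char *buf, size_t len) {
    info_entry **list = NULL;
    int n = 0;
    if (decode_info(buf, len, &list) != 0)
        return -1;              /* nothing was allocated, nothing to free */
    while (list[n] != NULL)
        n++;
    free_info(list);
    return n;
}

int main(void) {
    const unsigned char sample[] = { 18, 17, 23 };  /* constructed input */
    return (process_info(sample, 3) == 3 && process_info(NULL, 0) == -1) ? 0 : 1;
}
```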