From mhpower@MIT.EDU Mon Dec 29 03:06:27 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id DAA02526 for <bugs@RT-11.MIT.EDU>; Mon, 29 Dec 1997 03:06:26 -0500
Received: from YAZ-PISTACHIO.MIT.EDU by MIT.EDU with SMTP
id AB15829; Mon, 29 Dec 97 03:06:40 EST
Received: by yaz-pistachio.MIT.EDU (5.57/4.7) id AA26738; Mon, 29 Dec 97 03:06:24 -0500
Message-Id: <9712290806.AA26738@yaz-pistachio.MIT.EDU>
Date: Mon, 29 Dec 1997 03:06:23 EST
From: mhpower@MIT.EDU
Reply-To: mhpower@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: missing malloc return-value checks in lib/krb5
X-Send-Pr-Version: 3.99
>Number: 518
>Category: krb5-libs
>Synopsis: missing malloc return-value checks in lib/krb5
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Dec 29 03:07:00 EST 1997
>Last-Modified: Fri Jan 02 22:41:01 EST 1998
>Originator: Matt Power
>Organization:
MIT
>Release: current
>Environment:
any
System: any
Machine: any
>Description:
In some portions of the code under lib/krb5, the return value of malloc is not checked. This can result in
anomalous behavior if the return value is NULL.
>How-To-Repeat:
Call the library functions in an environment in which there is little free virtual memory.
>Fix:
*** krb5-current/src/lib/krb5/asn.1/asn1buf.c.old Sun Dec 28 03:04:45 1997--- krb5-current/src/lib/krb5/asn.1/asn1buf.c Mon Dec 29 02:13:06 1997
***************
*** 237,238 ****
--- 237,242 ----
(*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char));
+ if ((*code)->data == NULL){
+ free(*code);
+ return ENOMEM;
+ }
for(i=0; i < (*code)->length; i++)
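Review bot: In the new failure branch, free(*code) leaves the caller's *code pointing at freed memory, so a caller that ignores the ENOMEM return or frees *code on its own error path ends up with a use-after-free or a double free. Set *code = NULL right after the free. The allocation size is ((*code)->length)+1 with no guard visible in these lines, so it is also worth confirming that length is bounded before this point.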
*** krb5-current/src/lib/krb5/krb/chpw.c.old Sun Dec 28 03:05:05 1997
--- krb5-current/src/lib/krb5/krb/chpw.c Mon Dec 29 01:48:46 1997
***************
*** 33,34 ****
--- 33,36 ----
packet->data = (char *) malloc(packet->length);
+ if (packet->data == NULL)
+ return(ENOMEM);
ptr = packet->data;
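Review bot: On the new return(ENOMEM) path, packet->length has already been used for the allocation and stays set while packet->data is NULL, so the caller is handed a length/data pair that claims a nonzero length with no buffer behind it. Reset packet->length to 0 before returning. For consistency with the other hunks, write the return as return ENOMEM; without the parentheses.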
***************
*** 178,179 ****
--- 180,185 ----
result_data->data = (char *) malloc(result_data->length);
+ if (result_data->data == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
memcpy(result_data->data, ptr, result_data->length);
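Review bot: The goto cleanup leaves result_data->length set while result_data->data is NULL; the cleanup label is outside the hunk, so confirm it neither frees nor reads through result_data based on that length, or zero the length before the goto. The memcpy that follows copies result_data->length bytes from ptr, and nothing in the visible lines shows that length being checked against what remains of the input buffer.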
*** krb5-current/src/lib/krb5/krb/preauth.c.old Sun Dec 28 03:05:09 1997
--- krb5-current/src/lib/krb5/krb/preauth.c Mon Dec 29 02:00:03 1997
***************
*** 480,481 ****
--- 480,484 ----
prompt_len+ strlen(sep3) + 1);
+ if (p == NULL) {
+ return NULL;
+ }
if (challenge_len) {
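Review bot: The new return NULL after the allocation makes NULL this function's only failure signal, and the callers patched further down translate it to ENOMEM. Add a comment at the function header stating that a NULL return means allocation failure, so that a later non-memory failure path is not reported as ENOMEM by mistake. The size expression ending in prompt_len+ strlen(sep3) + 1 sums several lengths; check that none of them arrives unbounded from the challenge.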
***************
*** 542,544 ****
--- 545,554 ----
char *passcode = malloc(pcsize+1);
+ if (passcode == NULL) {
+ return ENOMEM;
+ }
prompt = handle_sam_labels(sam_challenge);
+ if (prompt == NULL) {
+ free(passcode);
+ return ENOMEM;
+ }
retval = krb5_read_password(context, prompt, 0, passcode, &pcsize);
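Review bot: Freeing passcode before the second return ENOMEM is right, but the lines shown do not cover what happens after krb5_read_password. prompt appears to be heap-allocated (a NULL result is treated as out of memory), so confirm that the paths after the read release both prompt and passcode, and that passcode is cleared before it is freed once it holds the user's input.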
***************
*** 554,555 ****
--- 564,568 ----
prompt = handle_sam_labels(sam_challenge);
+ if (prompt == NULL) {
+ return ENOMEM;
+ }
retval = sam_get_pass_from_user(context, etype_info, key_proc,
*** krb5-current/src/lib/krb5/os/changepw.c.old Sun Dec 28 03:05:13 1997
--- krb5-current/src/lib/krb5/os/changepw.c Mon Dec 29 02:03:06 1997
***************
*** 127,130 ****
--- 127,132 ----
addr_p = (struct sockaddr *) malloc(sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
host = hostlist[0];
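Review bot: The early return ENOMEM after the addr_p allocation happens while hostlist is live (it is indexed on the next line). If hostlist was allocated earlier in this function, this path leaks it, so free it before returning or route the failure through a common exit. The size sizeof(struct sockaddr) * count is also computed without an overflow check; a bound on count before the malloc would cover that.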
***************
*** 168,171 ****
--- 170,175 ----
realloc ((char *)addr_p,
sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
}
}
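Review bot: The NULL check after realloc implies the result is assigned straight back to addr_p, so on failure the original block is still allocated but its only pointer has been overwritten, and return ENOMEM leaks it. Assign the realloc result to a temporary, and on NULL free the old addr_p before returning.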
*** krb5-current/src/lib/krb5/os/locate_kdc.c.old Sun Dec 28 03:05:15 1997
--- krb5-current/src/lib/krb5/os/locate_kdc.c Mon Dec 29 02:03:34 1997
***************
*** 150,153 ****
--- 150,155 ----
addr_p = (struct sockaddr *)malloc (sizeof (struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
for (i=0, out=0; hostlist[i]; i++) {
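Review bot: This malloc check is line-for-line the same as the one in os/changepw.c, including the early return while hostlist is still in use on the following line. The duplicated address-list code would be better factored into one helper so that the failure handling, and any hostlist cleanup it needs, is fixed in one place.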
***************
*** 196,199 ****
--- 198,203 ----
realloc ((char *)addr_p,
sizeof(struct sockaddr) * count);
+ if (addr_p == NULL)
+ return ENOMEM;
}
if (sec_udpport && !port) {
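Review bot: When addr_p == NULL is true after the realloc, the previous array is leaked: realloc leaves the old block allocated on failure and addr_p no longer points to it. Keep the old pointer in a temporary until realloc succeeds, and free it on the ENOMEM path.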
>Audit-Trail:
Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Fri Jan 2 22:37:20 1998
Responsible-Changed-Why:
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Fri Jan 2 22:37:28 1998
State-Changed-Why:
Fixed
src/lib/krb5/asn.1/asn1buf.c 5.13
src/lib/krb5/krb/chpw.c 5.2
src/lib/krb5/krb/preauth.c 5.27
src/lib/krb5/os/changepw.c 5.2
src/lib/krb5/os/locate_kdc.c 5.31
From: Tom Yu <tlyu@MIT.EDU>
To: mhpower@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-libs/518: missing malloc return-value checks in lib/krb5
Date: Fri, 2 Jan 1998 22:39:48 -0500
Thanks for the patch; it should get picked up by the next update.
---Tom
>Unformatted: