Ticket History #5302: MITKRB5-SA-2006-003: mechglue argument handling too lax

# Tue Jan 09 14:45:30 2007 tlyu (Taylor Yu) - Ticket created

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 1.5KiB

Fix mechglue argument checks so that output pointers are always
initialized regardless of whether the other arguments fail to validate
for some reason. This avoids freeing of uninitialized pointers.

Initialize the gss_buffer_descs in ovsec_kadmd.c.

Commit By: tlyu

Revision: 19043
Changed Files:
_U trunk/
U trunk/src/kadmin/server/ovsec_kadmd.c
U trunk/src/lib/gssapi/mechglue/g_accept_sec_context.c
U trunk/src/lib/gssapi/mechglue/g_acquire_cred.c
U trunk/src/lib/gssapi/mechglue/g_canon_name.c
U trunk/src/lib/gssapi/mechglue/g_compare_name.c
U trunk/src/lib/gssapi/mechglue/g_delete_sec_context.c
U trunk/src/lib/gssapi/mechglue/g_dsp_name.c
U trunk/src/lib/gssapi/mechglue/g_dsp_status.c
U trunk/src/lib/gssapi/mechglue/g_dup_name.c
U trunk/src/lib/gssapi/mechglue/g_exp_sec_context.c
U trunk/src/lib/gssapi/mechglue/g_export_name.c
U trunk/src/lib/gssapi/mechglue/g_imp_name.c
U trunk/src/lib/gssapi/mechglue/g_imp_sec_context.c
U trunk/src/lib/gssapi/mechglue/g_init_sec_context.c
U trunk/src/lib/gssapi/mechglue/g_initialize.c
U trunk/src/lib/gssapi/mechglue/g_inq_context.c
U trunk/src/lib/gssapi/mechglue/g_inq_cred.c
U trunk/src/lib/gssapi/mechglue/g_inq_names.c
U trunk/src/lib/gssapi/mechglue/g_process_context.c
U trunk/src/lib/gssapi/mechglue/g_seal.c
U trunk/src/lib/gssapi/mechglue/g_sign.c
U trunk/src/lib/gssapi/mechglue/g_store_cred.c
U trunk/src/lib/gssapi/mechglue/g_unseal.c
U trunk/src/lib/gssapi/mechglue/g_verify.c
U trunk/src/lib/gssapi/mechglue/oid_ops.c

# Tue Jan 09 14:45:32 2007 tlyu (Taylor Yu) - Tags pullup added

# Tue Jan 09 14:45:32 2007 tlyu (Taylor Yu) - Status changed from 'new' to 'resolved'

# Tue Jan 09 14:45:33 2007 tlyu (Taylor Yu) - Target_Version 1.6 added

# Tue Jan 09 14:45:34 2007 tlyu (Taylor Yu) - Component krb5-libs added

# Tue Jan 09 14:45:35 2007 tlyu (Taylor Yu) - Requestor tlyu (Taylor Yu) added

# Tue Jan 09 15:21:47 2007 tlyu (Taylor Yu) - Version_Fixed 1.6 added

# Tue Jan 09 15:21:47 2007 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 2KiB

pull up r19043 from trunk

r19043@cathode-dark-space: tlyu | 2007-01-09 14:45:25 -0500
ticket: new
target_version: 1.6
tags: pullup
subject: MITKRB5-SA-2006-003: mechglue argument handling too lax
component: krb5-libs

Fix mechglue argument checks so that output pointers are always
initialized regardless of whether the other arguments fail to validate
for some reason. This avoids freeing of uninitialized pointers.

Initialize the gss_buffer_descs in ovsec_kadmd.c.

Commit By: tlyu

Revision: 19045
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/kadmin/server/ovsec_kadmd.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_accept_sec_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_acquire_cred.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_canon_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_compare_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_delete_sec_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_dsp_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_dsp_status.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_dup_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_exp_sec_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_export_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_imp_name.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_imp_sec_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_init_sec_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_initialize.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_inq_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_inq_cred.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_inq_names.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_process_context.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_seal.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_sign.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_store_cred.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_unseal.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/g_verify.c
U branches/krb5-1-6/src/lib/gssapi/mechglue/oid_ops.c

# Wed Dec 16 18:02:48 2015 tlyu (Taylor Yu) - CustomField pullup deleted