Skip Menu |
 

From: jaltman@mit.edu
Subject: SVN Commit
if the next tgt in a cross-realm traversal cannot be
obtained find_nxt_kdc() was calling krb5_free_creds()
on the last tgt in the list but was failing to nullify
the pointer to the cred that was just freed.

if there were no additional tgts obtained,
krb5_get_cred_from_kdc() would return a non-NULL terminated
cred list to the caller. This would result in a crash
when attempting to manipulate the non-existent cred past
the end of the list.

This commit nullifies the credential pointer in
find_nxt_kdc() after the call to krb5_free_creds()



Commit By: jaltman



Revision: 19195
Changed Files:
U trunk/src/lib/krb5/krb/gc_frm_kdc.c
From: tlyu@mit.edu
Subject: SVN Commit
pull up r19195 from trunk

r19195@cathode-dark-space: jaltman | 2007-02-28 20:49:11 -0500
ticket: new
subject: krb5_get_cred_from_kdc fails to null terminate the tgt list
tags: pullup

if the next tgt in a cross-realm traversal cannot be
obtained find_nxt_kdc() was calling krb5_free_creds()
on the last tgt in the list but was failing to nullify
the pointer to the cred that was just freed.

if there were no additional tgts obtained,
krb5_get_cred_from_kdc() would return a non-NULL terminated
cred list to the caller. This would result in a crash
when attempting to manipulate the non-existent cred past
the end of the list.

This commit nullifies the credential pointer in
find_nxt_kdc() after the call to krb5_free_creds()





Commit By: tlyu



Revision: 19197
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/krb/gc_frm_kdc.c