Skip Menu |
 

Subject: improper malloc() handling in process_chpw_request()
In src/kadmin/server/schpw.c:process_chpw_request()):

chpwfail:

clear.length = 2 + strlen(strresult);
clear.data = (char *) malloc(clear.length);

ptr = clear.data;

*ptr++ = (numresult>>8) & 0xff;

If malloc() fails *ptr++ will be a NULL pointer deref.
From: ghudson@mit.edu
Subject: git commit

Check for malloc failure in process_chpw_request

https://github.com/krb5/krb5/commit/4356deefa2d2fe0bc7b52f3b62a387c7ec1eb369
Author: Greg Hudson <ghudson@mit.edu>
Commit: 4356deefa2d2fe0bc7b52f3b62a387c7ec1eb369
Branch: master
src/kadmin/server/schpw.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Check for malloc failure in process_chpw_request

(cherry picked from commit 4356deefa2d2fe0bc7b52f3b62a387c7ec1eb369)

https://github.com/krb5/krb5/commit/f4bd63ff6492e3440a6e1e63fca8df880c060f65
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: f4bd63ff6492e3440a6e1e63fca8df880c060f65
Branch: krb5-1.12
src/kadmin/server/schpw.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)