Subject: | improper malloc() handling in process_chpw_request() |
In src/kadmin/server/schpw.c:process_chpw_request()):
chpwfail:
clear.length = 2 + strlen(strresult);
clear.data = (char *) malloc(clear.length);
ptr = clear.data;
*ptr++ = (numresult>>8) & 0xff;
If malloc() fails *ptr++ will be a NULL pointer deref.
chpwfail:
clear.length = 2 + strlen(strresult);
clear.data = (char *) malloc(clear.length);
ptr = clear.data;
*ptr++ = (numresult>>8) & 0xff;
If malloc() fails *ptr++ will be a NULL pointer deref.