pullup from trunk
authorTom Yu <tlyu@mit.edu>
Tue, 18 Jan 2005 17:57:32 +0000 (17:57 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 18 Jan 2005 17:57:32 +0000 (17:57 +0000)
ticket: 2887
version_fixed: 1.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@17057 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/unparse.c

index bcd2531c59593adb388108ffbc1ba00bf3f4c19c..4280ec761587a9c5fd1dc91124fbf048a6db9b05 100644 (file)
@@ -1,3 +1,8 @@
+2005-01-17  Jeffrey Altman <jaltman@mit.edu>
+        * unparse.c: krb5_unparse_name, krb5_unparse_name_ext()
+          prevent null pointer dereferencing if either 'name' or 'size'    
+          are NULL.
+
 2005-01-15  Jeffrey Altman <jaltman@mit.edu>
 
         * cp_key_cnt.c, copy_princ.c:
index 6f1a3c9e8b24ae8f6ec804b21d4fc1ca563d503d..badb5bf9703f835ac0206e40148fdb1cfd1dc857 100644 (file)
@@ -26,7 +26,7 @@
  *
  * krb5_unparse_name() routine
  *
- * Rewritten by Theodore Ts'o to propoerly unparse principal names
+ * Rewritten by Theodore Ts'o to properly unparse principal names
  * which have the component or realm separator as part of one of their
  * components.
  */
@@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
        krb5_int32 nelem;
        register unsigned int totalsize = 0;
 
-       if (!principal)
+       if (!principal || !name)
                return KRB5_PARSE_MALFORMED;
 
        cp = krb5_princ_realm(context, principal)->data;
@@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
         * We need only n-1 seperators for n components, but we need
         * an extra byte for the NULL at the end.
         */
-       if (*name) {
-               if (*size < (totalsize)) {
-                       *size = totalsize;
-                       *name = realloc(*name, totalsize);
-               }
-       } else {
-               *name = malloc(totalsize);
-               if (size)
-                       *size = totalsize;
-       }
-       
+        if (size) {
+            if (*name && (*size < totalsize)) {
+                *name = realloc(*name, totalsize);
+            } else {
+                *name = malloc(totalsize);
+            }
+            *size = totalsize;
+        } else {
+            *name = malloc(totalsize);
+        }
+
        if (!*name)
                return ENOMEM;
 
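Review bot: The rewritten allocation block discards a caller-supplied buffer that is already large enough. When `*name` is non-NULL and `*size >= totalsize`, the `else` arm runs `*name = malloc(totalsize)`, so the old buffer is leaked and `*size` is then lowered to `totalsize`. The `realloc` arm also assigns straight to `*name`, so on failure the original buffer is leaked and the caller's pointer is overwritten with NULL. I would allocate only when the buffer is missing or too small, and go through a temporary, as sketched below. With `size == NULL` the sketch passes `*name` to `realloc`, which assumes it is NULL or heap-allocated; this hunk cannot confirm that, and the body of `krb5_unparse_name_ext` starts and ends outside it.

```c
        /* … unchanged: totalsize computation … */
        if (!*name || !size || *size < totalsize) {
            /* realloc(NULL, n) acts as malloc(n); *name stays valid on failure */
            char *tmp = realloc(*name, totalsize);

            if (!tmp)
                return ENOMEM;
            *name = tmp;
            if (size)
                *size = totalsize;
        }
```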
@@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
 {
-       *name = NULL;
+        if (name)                       /* name == NULL will return error from _ext */
+            *name = NULL;
        return(krb5_unparse_name_ext(context, principal, name, NULL));
 }