projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e0994f8)
fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()
authorTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 04:38:28 +0000 (04:38 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 04:38:28 +0000 (04:38 +0000)
ticket: 5856
tags: pullup
target_version: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20178 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/mechglue/g_initialize.c patch | blob | history

diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index e25b1faf08e2646b1bde75f4430cc3da58e7b626..d47499caf8911ab0ccbc357afb957b41f19c663e 100644 (file)
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -213,7 +213,7 @@ gss_OID_set *mechSet;
                                free((*mechSet)->elements[j].elements);
                        }
                        free((*mechSet)->elements);
-                       free(mechSet);
+                       free(*mechSet);
                        *mechSet = NULL;
                        return (GSS_S_FAILURE);
                }
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.