+2005-07-12 Tom Yu <tlyu@mit.edu>
+
+ * do_as_req.c (prepare_error_as):
+ * do_tgs_req.c (prepare_error_tgs): Free scratch only if no error,
+ to avoid double-free. Thanks to Daniel Wachdorf for discovering
+ these. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1174,
+ VU#259798].
+
+ * network.c (process_packet): Initialize response to NULL.
+
2004-09-23 Ken Raeburn <raeburn@mit.edu>
* network.c (closedown_network): Free each connection data
retval = krb5_mk_error(kdc_context, &errpkt, scratch);
free(errpkt.text.data);
- *response = scratch;
+ if (retval)
+ free(scratch);
+ else
+ *response = scratch;
+
return retval;
}
retval = krb5_mk_error(kdc_context, &errpkt, scratch);
free(errpkt.text.data);
- *response = scratch;
+ if (retval)
+ free(scratch);
+ else
+ *response = scratch;
+
return retval;
}
char pktbuf[MAX_DGRAM_SIZE];
int port_fd = conn->fd;
+ response = NULL;
saddr_len = sizeof(saddr);
cc = recvfrom(port_fd, pktbuf, sizeof(pktbuf), 0,
(struct sockaddr *)&saddr, &saddr_len);
+2005-07-12 Tom Yu <tlyu@mit.edu>
+
+ * unparse.c (krb5_unparse_name_ext): Account for zero-component
+ principal, to avoid single-byte overflow. Thanks to Daniel
+ Wachdorf. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1175,
+ VU#885830].
+
2005-03-22 Tom Yu <tlyu@mit.edu>
* x-deltat.y (wsnum): Add missing semicolon following YYERROR,
totalsize++;
totalsize++; /* This is for the separator */
}
+ if (nelem == 0)
+ totalsize++;
/*
* Allocate space for the ascii string; if space has been