* recvauth.c (recvauth_common): Avoid double-free on invalid
version string. Thanks to Magnus Hagander. Fix for
MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332].
ticket: new
target_version: 1.4.2
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17299
dc483132-0cff-0310-8789-
dd5450dbe970
2005-07-12 Tom Yu <tlyu@mit.edu>
+ * recvauth.c (recvauth_common): Avoid double-free on invalid
+ version string. Thanks to Magnus Hagander. Fix for
+ MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332].
+
* unparse.c (krb5_unparse_name_ext): Account for zero-component
principal, to avoid single-byte overflow. Thanks to Daniel
Wachdorf. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1175,
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
if (strcmp(inbuf.data, sendauth_version)) {
- krb5_xfree(inbuf.data);
problem = KRB5_SENDAUTH_BADAUTHVERS;
}
krb5_xfree(inbuf.data);
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
if (appl_version && strcmp(inbuf.data, appl_version)) {
- krb5_xfree(inbuf.data);
if (!problem)
problem = KRB5_SENDAUTH_BADAPPLVERS;
}