projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 17a1e8e)
pull up r20178 from trunk
authorTom Yu <tlyu@mit.edu>
Sat, 15 Dec 2007 01:22:32 +0000 (01:22 +0000)
committerTom Yu <tlyu@mit.edu>
Sat, 15 Dec 2007 01:22:32 +0000 (01:22 +0000)
 r20178@cathode-dark-space:  tlyu | 2007-12-13 23:38:28 -0500
 ticket: 5856
 tags: pullup
 target_version: 1.6.4

 fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()

ticket: 5854
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20184 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/mechglue/g_initialize.c patch | blob | history

diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 0c4513cacdb134676ce1fd16cf9a5a0fcce49f0e..b4a668a5572eea7d45c7a02fbfdd535c15798e12 100644 (file)
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -208,7 +208,7 @@ gss_OID_set *mechSet;
                                free((*mechSet)->elements[j].elements);
                        }
                        free((*mechSet)->elements);
-                       free(mechSet);
+                       free(*mechSet);
                        *mechSet = NULL;
                        return (GSS_S_FAILURE);
                }
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.