krb5_unparse_name(), krb5_unparse_name_ext():
authorJeffrey Altman <jaltman@secure-endpoints.com>
Mon, 17 Jan 2005 19:10:31 +0000 (19:10 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Mon, 17 Jan 2005 19:10:31 +0000 (19:10 +0000)
prevent dereferencing of pointer if 'name' or 'size' are NULL

ticket: new
tags: pullup
target_version: 1.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17049 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/unparse.c

index 27e5174c253c4fbc77c78eec0a2286afc519a4fa..a3520b7a7a98a52b48586adde708abac16038ce3 100644 (file)
@@ -1,3 +1,8 @@
+2005-01-17  Jeffrey Altman <jaltman@mit.edu>
+        * unparse.c: krb5_unparse_name, krb5_unparse_name_ext()
+          prevent null pointer dereferencing if either 'name' or 'size'    
+          are NULL.
+
 2005-01-17  Ezra Peisach  <epeisach@mit.edu>
 
        * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): More memory leaks
index 6f1a3c9e8b24ae8f6ec804b21d4fc1ca563d503d..badb5bf9703f835ac0206e40148fdb1cfd1dc857 100644 (file)
@@ -26,7 +26,7 @@
  *
  * krb5_unparse_name() routine
  *
- * Rewritten by Theodore Ts'o to propoerly unparse principal names
+ * Rewritten by Theodore Ts'o to properly unparse principal names
  * which have the component or realm separator as part of one of their
  * components.
  */
@@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
        krb5_int32 nelem;
        register unsigned int totalsize = 0;
 
-       if (!principal)
+       if (!principal || !name)
                return KRB5_PARSE_MALFORMED;
 
        cp = krb5_princ_realm(context, principal)->data;
@@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
         * We need only n-1 seperators for n components, but we need
         * an extra byte for the NULL at the end.
         */
-       if (*name) {
-               if (*size < (totalsize)) {
-                       *size = totalsize;
-                       *name = realloc(*name, totalsize);
-               }
-       } else {
-               *name = malloc(totalsize);
-               if (size)
-                       *size = totalsize;
-       }
-       
+        if (size) {
+            if (*name && (*size < totalsize)) {
+                *name = realloc(*name, totalsize);
+            } else {
+                *name = malloc(totalsize);
+            }
+            *size = totalsize;
+        } else {
+            *name = malloc(totalsize);
+        }
+
        if (!*name)
                return ENOMEM;
 
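Review bot: When `size` is non-NULL and the caller's buffer is already large enough (`*name` set and `*size >= totalsize`), the new `else` arm falls through to `*name = malloc(totalsize)`, which overwrites the caller's pointer and leaks that buffer; the removed code reused the buffer in this case. The same block assigns the `realloc` result directly to `*name`, so a failed realloc loses the original allocation, and `*size = totalsize` is written before the `if (!*name)` check runs. I would handle the three cases separately as below, reusing an adequate buffer and updating `*size` only after the allocation has succeeded. The body of krb5_unparse_name_ext starts and ends outside this hunk, so the effect on callers that pass a pre-allocated buffer should be confirmed against the rest of the function.

```c
        if (size) {
            if (*name == NULL) {
                *name = malloc(totalsize);
                if (*name)
                    *size = totalsize;
            } else if (*size < totalsize) {
                /* keep the old pointer until realloc has succeeded */
                char *tmp = realloc(*name, totalsize);
                if (!tmp)
                    return ENOMEM;
                *name = tmp;
                *size = totalsize;
            }
            /* else: caller's buffer is already large enough, reuse it */
        } else {
            *name = malloc(totalsize);
        }
        /* ... unchanged: if (!*name) return ENOMEM; ... */
```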
@@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
 {
-       *name = NULL;
+        if (name)                       /* name == NULL will return error from _ext */
+            *name = NULL;
        return(krb5_unparse_name_ext(context, principal, name, NULL));
 }