krb5_fcc_read_addrs returns pointer to released memory on malloc failre
authorEzra Peisach <epeisach@mit.edu>
Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)
committerEzra Peisach <epeisach@mit.edu>
Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)
In cleanup code on malloc failure, addresses are released including
pointer to the krb5_address * - but the freed value is returned to
caller. Clear pointer.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20654 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/cc_file.c

index 0fe099c45752698faae9a5202e3ab18db2bb9f00..f69d4929caf6dd6d944ce3c7726cd5b3dc9aecc8 100644 (file)
@@ -539,6 +539,7 @@ krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
          (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
          if ((*addrs)[i] == NULL) {
              krb5_free_addresses(context, *addrs);
+             *addrs = 0;
              return KRB5_CC_NOMEM;
          }
          (*addrs)[i]->contents = NULL;