krb5int_rd_chpw_rep could call krb5_free_error with random value
authorEzra Peisach <epeisach@mit.edu>
Wed, 10 Jun 2009 02:55:22 +0000 (02:55 +0000)
committerEzra Peisach <epeisach@mit.edu>
Wed, 10 Jun 2009 02:55:22 +0000 (02:55 +0000)
clang picked up on a path in which krberror is not set and passed as
an argument to krb5_free_error(). Essentially if the clearresult
length < 2 but everything decodes - you can hit this path...

ticket: 6511

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22409 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/chpw.c

index 1a4013dd772ae74baef8c85b848ec0c6a574563b..d38a7ef397d9e46b98b5cf4fd45fe05e79da02fd 100644 (file)
@@ -83,7 +83,7 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     krb5_error_code ret;
     krb5_data cipherresult;
     krb5_data clearresult;
-    krb5_error *krberror;
+    krb5_error *krberror = NULL;
     krb5_replay_data replay;
     krb5_keyblock *tmp;