From: Ken Raeburn Date: Tue, 26 Jun 2007 22:58:46 +0000 (+0000) Subject: * v4rcp.c (kstream_write): Allocate buffer space if it hasn't been X-Git-Tag: krb5-1.7-alpha1~1050 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8325d6530500cf44fd75d7ddac0a02edd1a26cb2;p=krb5.git * v4rcp.c (kstream_write): Allocate buffer space if it hasn't been allocated, in the encrypting case, even if outlen is zero. While I don't believe this can ever happen, it requires careful examination of lots of code paths to figure it out. This change doesn't fix a serious bug, but makes the analysis simple. Also, don't bother with separate code paths for malloc vs realloc depending on the previous values; we can just use realloc always. Thanks to Domagoj Babic for pointing out the (false but understandable) null-pointer problem. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19641 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 44938dbd6..788c1f586 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -251,16 +251,11 @@ static int kstream_write(krem, buf, len) int st; unsigned int outlen = (len + 7) & (~7U); - if (krem->writelen < outlen) { - if (krem->writelen == 0) { - krem->inbuf = (char*)malloc(outlen); - krem->outbuf = (char*)malloc(outlen+8); - } else { - krem->inbuf = (char*)realloc(krem->inbuf, outlen); + if (krem->writelen < outlen || krem->outbuf == 0) { + krem->inbuf = (char*)realloc(krem->inbuf, outlen ? outlen : 1); krem->outbuf = (char*)realloc(krem->outbuf, outlen+8); - } - if(!krem->inbuf || !krem->outbuf) { errno = ENOMEM; return -1; } - krem->writelen = outlen; + if(!krem->inbuf || !krem->outbuf) { errno = ENOMEM; return -1; } + krem->writelen = outlen; } outlen = (len + 7) & (~7U);
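Review bot: In the new allocation block, both realloc results are assigned straight back to krem->inbuf and krem->outbuf, so if either call fails the only pointer to the old block is overwritten with NULL (realloc leaves that block allocated, so it leaks) and the function returns -1 with krem->writelen still at its previous value. The guard tests only `krem->outbuf == 0`, so if the inbuf realloc fails while the outbuf one succeeds, inbuf stays NULL with a nonzero writelen, and a later call whose outlen fits within writelen skips this block entirely. Suggest reallocating into temporaries, committing both pointers and writelen only after both calls succeed, and adding `krem->inbuf == 0` to the condition. The always-realloc path also relies on inbuf and outbuf being NULL when krem is first set up, which is outside this hunk and worth confirming.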