From: Jeffrey Altman
Date: Mon, 17 Jan 2005 19:10:31 +0000 (+0000)
Subject: krb5_unparse_name(), krb5_unparse_name_ext():
X-Git-Tag: ms-bug-test-20060525~367
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=962f1e24f1a3838d521db990778e1bd5a0432be2;p=krb5.git
krb5_unparse_name(), krb5_unparse_name_ext(): prevent dereferencing of pointer if 'name' or 'size' are NULL
ticket: new
tags: pullup
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17049 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 27e5174c2..a3520b7a7 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,8 @@
+2005-01-17 Jeffrey Altman
+ * unparse.c: krb5_unparse_name, krb5_unparse_name_ext()
+ prevent null pointer dereferencing if either 'name' or 'size'
+ are NULL.
+
 2005-01-17 Ezra Peisach
 * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): More memory leaks
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c
index 6f1a3c9e8..badb5bf97 100644
--- a/src/lib/krb5/krb/unparse.c
+++ b/src/lib/krb5/krb/unparse.c
@@ -26,7 +26,7 @@
 *
 * krb5_unparse_name() routine
 *
- * Rewritten by Theodore Ts'o to propoerly unparse principal names
+ * Rewritten by Theodore Ts'o to properly unparse principal names
 * which have the component or realm separator as part of one of their
 * components.
 */
@@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_int32 nelem;
 register unsigned int totalsize = 0;
- if (!principal)
+ if (!principal || !name)
 return KRB5_PARSE_MALFORMED;
 cp = krb5_princ_realm(context, principal)->data;
@@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 * We need only n-1 seperators for n components, but we need
 * an extra byte for the NULL at the end.
 */
- if (*name) {
- if (*size < (totalsize)) {
- *size = totalsize;
- *name = realloc(*name, totalsize);
- }
- } else {
- *name = malloc(totalsize);
- if (size)
- *size = totalsize;
- }
-
+ if (size) {
+ if (*name && (*size < totalsize)) {
+ *name = realloc(*name, totalsize);
+ } else {
+ *name = malloc(totalsize);
+ }
+ *size = totalsize;
+ } else {
+ *name = malloc(totalsize);
+ }
+
 if (!*name)
 return ENOMEM;
@@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
 {
- *name = NULL;
+ if (name) /* name == NULL will return error from _ext */
+ *name = NULL;
 return(krb5_unparse_name_ext(context, principal, name, NULL));
 }
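Review bot: In the `@@ -99,17 +99,17 @@` hunk of krb5_unparse_name_ext(), a caller-supplied buffer that is already large enough (`size` set, `*name` non-NULL, `*size >= totalsize`) now falls into the inner `else` and is overwritten by a fresh `malloc(totalsize)`, so the caller's buffer is leaked; the removed code left `*name` untouched in that case. A long-running service that reuses one buffer across calls would presumably leak on every call. Separately, `*name = realloc(*name, totalsize)` loses the old buffer when realloc fails, and `*size` is already set to `totalsize` before the `if (!*name)` check runs. I would reallocate only when the buffer is too small, go through a temporary, and update `*size` only after the allocation succeeded, as sketched below. The function body starts and ends outside this hunk.

```c
    if (size && *name) {
        /* Caller supplied a buffer: keep it when it is already big enough. */
        if (*size < totalsize) {
            char *tmp = realloc(*name, totalsize);

            if (!tmp)
                return ENOMEM;  /* *name and *size still describe the old buffer */
            *name = tmp;
            *size = totalsize;
        }
    } else {
        *name = malloc(totalsize);
        if (!*name)
            return ENOMEM;
        if (size)
            *size = totalsize;
    }
    /* ... unchanged: if (!*name) return ENOMEM; and the copy loop ... */
```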