From: Theodore Tso <tytso@mit.edu>
Date: Wed, 25 Oct 1995 21:09:22 +0000 (+0000)
Subject: Fix to properly malloc password buffer, instead of returning a pointer
X-Git-Tag: krb5-1.0-beta6~870
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=acd28885431be44a5055e02d98a462b4b4e023ba;p=krb5.git

Fix to properly malloc password buffer, instead of returning a pointer
to an automatic variable(!).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6999 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 4576a03b7..0be323171 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,8 @@
+Mon Oct 23 17:08:59 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+	* in_tkt_pwd.c (krb5_get_in_tkt_with_password): Fix to properly
+		malloc password buffer.
+
 Mon Oct 23 11:09:56 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
 	* rd_req_dec.c (krb5_rd_req_decoded): For heirarchal cross-realm,
@@ -7,7 +12,6 @@ Mon Oct 23 11:09:56 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 		and then there is an error, make sure return pointer is not
 		looking at freed memory.
 
-
 Fri Oct  6 22:04:42 1995  Theodore Y. Ts'o  <tytso@dcl>
 
 	* Makefile.in: Remove ##DOS!include of config/windows.in.
diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c
index e73b1898d..9c4690cf1 100644
--- a/src/lib/krb5/krb/in_tkt_pwd.c
+++ b/src/lib/krb5/krb/in_tkt_pwd.c
@@ -48,9 +48,8 @@ pwd_keyproc(context, type, salt, keyseed, key)
 {
     krb5_error_code retval;
     krb5_encrypt_block eblock;
-    char pwdbuf[BUFSIZ];
     krb5_data * password;
-    int pwsize = sizeof(pwdbuf);
+    int pwsize;
 
     if (!valid_enctype(type))
 	return KRB5_PROG_ETYPE_NOSUPP;
@@ -60,12 +59,15 @@ pwd_keyproc(context, type, salt, keyseed, key)
     password = (krb5_data *)keyseed;
 
     if (!password->length) {
+	pwsize = BUFSIZ;
+	if ((password->data = malloc(password->length)) == NULL)
+	    return ENOMEM;
+	
 	if ((retval = krb5_read_password(context, krb5_default_pwd_prompt1, 0,
-					 pwdbuf, &pwsize))) {
+					 password->data, &pwsize))) {
 	    return retval;
 	}
-        password->length = pwsize;
-        password->data = pwdbuf;
+	password->length = pwsize;
     }
 
     if (!(*key = (krb5_keyblock *)malloc(sizeof(**key))))
@@ -122,6 +124,12 @@ krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types,
 			     pwd_keyproc, (krb5_pointer) &data,
 			     krb5_kdc_rep_decrypt_proc, 0,
 			     creds, ccache, ret_as_reply);
+
+    if ((password == NULL) && (data.data)) {
+	memset(data.data, 0, strlen(data.data));
+	free(data.data);
+    }
+
     return retval;
 }