From: Ezra Peisach Date: Wed, 10 Jun 2009 02:55:22 +0000 (+0000) Subject: krb5int_rd_chpw_rep could call krb5_free_error with random value X-Git-Tag: krb5-1.8-alpha1~438 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ccdee10e6b9c218f3e82e5987d716bfb7cbb1c90;p=krb5.git krb5int_rd_chpw_rep could call krb5_free_error with random value clang picked up on a path in which krberror is not set and passed as an argument to krb5_free_error(). Essentially if the clearresult length < 2 but everything decodes - you can hit this path... ticket: 6511 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22409 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c index 1a4013dd7..d38a7ef39 100644 --- a/src/lib/krb5/krb/chpw.c +++ b/src/lib/krb5/krb/chpw.c @@ -83,7 +83,7 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_error_code ret; krb5_data cipherresult; krb5_data clearresult; - krb5_error *krberror; + krb5_error *krberror = NULL; krb5_replay_data replay; krb5_keyblock *tmp;