From 184dd2a8ca934816acca78b28389bf301ea11beb Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 15 Aug 2002 06:59:23 +0000 Subject: [PATCH] * cc_file.c (ALLOC): Use calloc, not malloc. (krb5_fcc_read_principal): Check bounds on number of components before calling ALLOC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14724 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/ChangeLog | 6 ++++++ src/lib/krb5/ccache/cc_file.c | 11 +++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index d22d300da..80424fdcc 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,9 @@ +2002-08-15 Ken Raeburn + + * cc_file.c (ALLOC): Use calloc, not malloc. + (krb5_fcc_read_principal): Check bounds on number of components + before calling ALLOC. + 2002-08-15 Tom Yu * t_cc.c: Remove references to STDIO ccache. diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index f93ab93ed..a46e83f0c 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -398,7 +398,7 @@ krb5_fcc_read(context, id, buf, len) #define ALLOC(NUM,TYPE) \ (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \ - ? (TYPE *) malloc((NUM) * sizeof(TYPE)) \ + ? (TYPE *) calloc((NUM), sizeof(TYPE)) \ : (errno = ENOMEM,(TYPE *) 0)) static krb5_error_code @@ -433,12 +433,19 @@ krb5_fcc_read_principal(context, id, princ) */ if (data->version == KRB5_FCC_FVNO_1) length--; + if (length < 0) + return KRB5_CC_NOMEM; tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data)); if (tmpprinc == NULL) return KRB5_CC_NOMEM; if (length) { - tmpprinc->data = ALLOC (length, krb5_data); + size_t msize = length; + if (msize != length) { + free(tmpprinc); + return KRB5_CC_NOMEM; + } + tmpprinc->data = ALLOC (msize, krb5_data); if (tmpprinc->data == 0) { free((char *)tmpprinc); return KRB5_CC_NOMEM; -- 2.26.2