From 99c0ac2a716ee8a0dc23fa01f82a88665d8cffb9 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 21 Sep 2005 22:58:07 +0000 Subject: [PATCH] krb5_gss_inquire_cred can copy out uninitialized pointer * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to NULL. Only call kg_save_name() if ret_name is actually non-NULL. Return GSS_C_NO_NAME for now if no principal name in the cred. Reported by Christoph Weizen. ticket: new version_reported: 1.4.2 target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17384 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 7 +++++++ src/lib/gssapi/krb5/inq_cred.c | 11 ++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index f06fee506..3800195d1 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2005-09-21 Tom Yu + + * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to + NULL. Only call kg_save_name() if ret_name is actually non-NULL. + Return GSS_C_NO_NAME for now if no principal name in the cred. + Reported by Christoph Weizen. + 2005-08-11 Tom Yu * import_name.c: Include stdio.h regardless of presence of diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c index 4125dd5e4..ec8578e4e 100644 --- a/src/lib/gssapi/krb5/inq_cred.c +++ b/src/lib/gssapi/krb5/inq_cred.c @@ -92,6 +92,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, OM_uint32 ret; ret = GSS_S_FAILURE; + ret_name = NULL; code = krb5_init_context(&context); if (code) { @@ -164,14 +165,15 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, (gss_OID) gss_mech_krb5, &mechs)))) { k5_mutex_unlock(&cred->lock); - krb5_free_principal(context, ret_name); + if (ret_name) + krb5_free_principal(context, ret_name); /* *minor_status set above */ goto fail; } } if (name) { - if (! kg_save_name((gss_name_t) ret_name)) { + if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) { k5_mutex_unlock(&cred->lock); (void) gss_release_oid_set(minor_status, &mechs); krb5_free_principal(context, ret_name); @@ -179,7 +181,10 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, krb5_free_context(context); return(GSS_S_FAILURE); } - *name = (gss_name_t) ret_name; + if (ret_name != NULL) + *name = (gss_name_t) ret_name; + else + *name = GSS_C_NO_NAME; } if (lifetime_ret) -- 2.26.2