From 9f9f9321d2944985af9d4c37cb6ee81366eb55e0 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Sat, 15 Jan 2005 06:34:08 +0000
Subject: [PATCH] * cp_key_cnt.c, copy_princ.c: prevent krb5_copy_principal() and krb5_copy_keyblock() from calling malloc(0). On platforms in which malloc(0) returns NULL, these functions will return an ENOMEM error the way they were written.
ticket: 2881
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17045 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 8 ++++++++
 src/lib/krb5/krb/copy_princ.c | 34 +++++++++++++++++++---------------
 src/lib/krb5/krb/cp_key_cnt.c | 11 +++++++----
 3 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index c62d7dfee..224127806 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2005-01-15 Jeffrey Altman
+
+ * cp_key_cnt.c, copy_princ.c:
+ prevent krb5_copy_principal() and krb5_copy_keyblock() from
+ calling malloc(0). On platforms in which malloc(0) returns
+ NULL, these functions will return an ENOMEM error the way
+ they were written.
+
 2005-01-11 Ken Raeburn
 
 * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Free credentials
diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c
index 569e55b90..f62323695 100644
--- a/src/lib/krb5/krb/copy_princ.c
+++ b/src/lib/krb5/krb/copy_princ.c
@@ -60,32 +60,36 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
 for (i = 0; i < nelems; i++) {
 unsigned int len = krb5_princ_component(context, inprinc, i)->length;
 krb5_princ_component(context, tempprinc, i)->length = len;
- if (((krb5_princ_component(context, tempprinc, i)->data =
- malloc(len)) == 0) && len) {
- while (--i >= 0)
- free(krb5_princ_component(context, tempprinc, i)->data);
- free (tempprinc->data);
- free (tempprinc);
- return ENOMEM;
- }
- if (len)
+ if (len) {
+ if (((krb5_princ_component(context, tempprinc, i)->data =
+ malloc(len)) == 0)) {
+ while (--i >= 0)
+ free(krb5_princ_component(context, tempprinc, i)->data);
+ free (tempprinc->data);
+ free (tempprinc);
+ return ENOMEM;
+ }
 memcpy(krb5_princ_component(context, tempprinc, i)->data,
 krb5_princ_component(context, inprinc, i)->data, len);
+ } else
+ krb5_princ_component(context, tempprinc, i)->data = 0;
 }
 
- tempprinc->realm.data =
+ if (tempprinc->realm.length) {
+ tempprinc->realm.data =
 malloc(tempprinc->realm.length = inprinc->realm.length);
- if (!tempprinc->realm.data && tempprinc->realm.length) {
+ if (!tempprinc->realm.data) {
 for (i = 0; i < nelems; i++)
- free(krb5_princ_component(context, tempprinc, i)->data);
+ free(krb5_princ_component(context, tempprinc, i)->data);
 free(tempprinc->data);
 free(tempprinc);
 return ENOMEM;
- }
- if (tempprinc->realm.length)
+ }
 memcpy(tempprinc->realm.data, inprinc->realm.data,
 inprinc->realm.length);
-
+ } else
+ tempprinc->realm.data = 0;
+
 *outprinc = tempprinc;
 return 0;
 }
diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c
index b39a6a98a..150be0a57 100644
--- a/src/lib/krb5/krb/cp_key_cnt.c
+++ b/src/lib/krb5/krb/cp_key_cnt.c
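Review bot: In krb5_copy_principal (copy_princ.c), the two new `else` branches give a zero-length component or realm `data == 0` on every platform, and nothing in the hunk documents that for callers. Before this change the pointer was whatever `malloc(0)` returned, so code elsewhere that hands `->data` to `memcmp`/`memcpy` or reads it as a string without testing `->length` first could now meet a null pointer; those callers are not visible here and should be checked. I would add a comment above the loop, `/* Empty components and an empty realm are copied with data == NULL; callers must test length before touching data. */`. Separately, the guard `if (tempprinc->realm.length)` is only valid if the length was already copied from `inprinc` before the hunk starts (presumably by a struct assignment outside it), which also makes the assignment inside the `malloc()` argument redundant; testing `inprinc->realm.length` would make that dependency explicit. The function body starts before the hunk.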
@@ -36,9 +36,12 @@ krb5_error_code KRB5_CALLCONV
 krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)
 {
 *to = *from;
- to->contents = (krb5_octet *)malloc(to->length);
- if (!to->contents)
- return ENOMEM;
- memcpy((char *)to->contents, (char *)from->contents, to->length);
+ if (to->length) {
+ to->contents = (krb5_octet *)malloc(to->length);
+ if (!to->contents)
+ return ENOMEM;
+ memcpy((char *)to->contents, (char *)from->contents, to->length);
+ } else
+ to->contents = 0;
 return 0;
 }
-- 
2.26.2
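Review bot: On the `ENOMEM` return in krb5_copy_keyblock_contents, `*to = *from;` has already run, so the caller's keyblock is left with a nonzero `length` and a null `contents`. Any error-path cleanup that zeroizes or copies `length` bytes without first testing `contents` would then dereference a null pointer; whether such a caller exists cannot be seen from this hunk. Making the failure state self-consistent is a one-line change: `if (!to->contents) { to->length = 0; return ENOMEM; }`. Since the destination ends up holding a copy of secret key bytes, a header comment stating that the caller owns `to->contents` and must release it through the library's keyblock free routine rather than a bare `free()` would also help.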