From acd28885431be44a5055e02d98a462b4b4e023ba Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 25 Oct 1995 21:09:22 +0000 Subject: [PATCH] Fix to properly malloc password buffer, instead of returning a pointer to an automatic variable(!). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6999 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 6 +++++- src/lib/krb5/krb/in_tkt_pwd.c | 18 +++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 4576a03b7..0be323171 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,8 @@ +Mon Oct 23 17:08:59 1995 Theodore Y. Ts'o + + * in_tkt_pwd.c (krb5_get_in_tkt_with_password): Fix to properly + malloc password buffer. + Mon Oct 23 11:09:56 1995 Ezra Peisach * rd_req_dec.c (krb5_rd_req_decoded): For heirarchal cross-realm, @@ -7,7 +12,6 @@ Mon Oct 23 11:09:56 1995 Ezra Peisach and then there is an error, make sure return pointer is not looking at freed memory. - Fri Oct 6 22:04:42 1995 Theodore Y. Ts'o * Makefile.in: Remove ##DOS!include of config/windows.in. diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c index e73b1898d..9c4690cf1 100644 --- a/src/lib/krb5/krb/in_tkt_pwd.c +++ b/src/lib/krb5/krb/in_tkt_pwd.c @@ -48,9 +48,8 @@ pwd_keyproc(context, type, salt, keyseed, key) { krb5_error_code retval; krb5_encrypt_block eblock; - char pwdbuf[BUFSIZ]; krb5_data * password; - int pwsize = sizeof(pwdbuf); + int pwsize; if (!valid_enctype(type)) return KRB5_PROG_ETYPE_NOSUPP; @@ -60,12 +59,15 @@ pwd_keyproc(context, type, salt, keyseed, key) password = (krb5_data *)keyseed; if (!password->length) { + pwsize = BUFSIZ; + if ((password->data = malloc(password->length)) == NULL) + return ENOMEM; + if ((retval = krb5_read_password(context, krb5_default_pwd_prompt1, 0, - pwdbuf, &pwsize))) { + password->data, &pwsize))) { return retval; } - password->length = pwsize; - password->data = pwdbuf; + password->length = pwsize; } if (!(*key = (krb5_keyblock *)malloc(sizeof(**key)))) @@ -122,6 +124,12 @@ krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types, pwd_keyproc, (krb5_pointer) &data, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); + + if ((password == NULL) && (data.data)) { + memset(data.data, 0, strlen(data.data)); + free(data.data); + } + return retval; } -- 2.26.2