From dc57beffefe7df48e440887976fbbaefa71b828a Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Mon, 17 Jan 2005 17:32:26 +0000 Subject: [PATCH] subject; krb5_do_preauth could attempt to free NULL pointer * preauth2.c (krb5_do_preauth): Upon error in decoding krb5_type_info{,2}, on failure, do not call krb5_free_type_info with a null pointer. The only way to reach this code is to set a preauth list requesting for ETYPE_INFO or ETYPE_INFO2 in a call to krb5_get_in_tkt_with_password. Before sending the request, krb5_do_preauth tries to parse a NULL length asn1 buffer, fails and tries to free a null pointer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17047 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 6 ++++++ src/lib/krb5/krb/preauth2.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 224127806..95578ce0d 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,9 @@ +2005-01-17 Ezra Peisach + + * preauth2.c (krb5_do_preauth): Upon error in decoding + krb5_type_info{,2}, on failure, do not call krb5_free_type_info + with a null pointer. + 2005-01-15 Jeffrey Altman * cp_key_cnt.c, copy_princ.c: diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 6238a8276..e146c3d3a 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -892,7 +892,8 @@ krb5_do_preauth(krb5_context context, else ret = decode_krb5_etype_info(&scratch, &etype_info); if (ret) { ret = 0; /*Ignore error and etype_info element*/ - krb5_free_etype_info( context, etype_info); + if (etype_info) + krb5_free_etype_info( context, etype_info); etype_info = NULL; continue; } -- 2.26.2