From e1ce2955dbaf8fbbc52a9625a62bb3fc4e31215f Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 15 Mar 2011 21:47:19 +0000 Subject: [PATCH] KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/do_as_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 283c97e2d..0cc21cec4 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -740,6 +740,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, pad->contents = td[size]->data; pad->length = td[size]->length; pa[size] = pad; + td[size]->data = NULL; + td[size]->length = 0; } krb5_free_typed_data(kdc_context, td); } -- 2.26.2