From f4cb46135ebba2207ed299980da0bf4c45223e11 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 26 Jun 2007 22:50:36 +0000 Subject: [PATCH] Check malloc return for null in kstream_create_* instead of unconditionally dereferencing. Thanks to Domagoj Babic for finding the bug. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19640 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/v4rcp.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 13b46233a..44938dbd6 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -122,6 +122,8 @@ static kstream kstream_create_rcp_from_fd(read_fd, write_fd, sched, ivec) des_cblock *ivec; { kstream tmp = (kstream)malloc(sizeof(*tmp)); + if (tmp == NULL) + return NULL; tmp->encrypting = 1; tmp->read_fd = read_fd; tmp->write_fd = write_fd; @@ -145,6 +147,8 @@ static kstream kstream_create_from_fd(read_fd, write_fd, sched, session) { /* just set it up... */ kstream tmp = (kstream)malloc(sizeof(*tmp)); + if (tmp == NULL) + return NULL; tmp->encrypting = 0; tmp->read_fd = read_fd; tmp->write_fd = write_fd; @@ -429,6 +433,10 @@ int main(argc, argv) &crypt_session_key); } else krem = kstream_create_from_fd (rem, 0, 0); + if (krem == NULL) { + error("rcp: out of memory\n"); + exit(1); + } kstream_set_buffer_mode (krem, 0); #endif /* KERBEROS && !NOENCRYPTION */ (void) response(); @@ -449,6 +457,10 @@ int main(argc, argv) &crypt_session_key); } else krem = kstream_create_from_fd (rem, 0, 0); + if (krem == NULL) { + error("rcp: out of memory\n"); + exit(1); + } kstream_set_buffer_mode (krem, 0); #endif /* KERBEROS && !NOENCRYPTION */ if (setuid(userid)) { -- 2.26.2