------------------------------------------------------------------------
r20485 | raeburn | 2008-06-26 23:33:14 -0400 (Thu, 26 Jun 2008) | 8 lines
ticket: new
target_version: 1.6.4
tags: pullup
subject: use-after-free bugs
Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.
ticket: 5998
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22427
dc483132-0cff-0310-8789-
dd5450dbe970
}
if (ret.code != 0)
- errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
+ errmsg = krb5_get_error_message(NULL, ret.code);
else
errmsg = "success";
return;
}
if (cc != response->length) {
- krb5_free_data(kdc_context, response);
com_err(prog, 0, "short reply write %d vs %d\n",
response->length, cc);
- return;
}
krb5_free_data(kdc_context, response);
return;
if ((pcred->tickets
= (krb5_ticket **)malloc(sizeof(krb5_ticket *) * (ncred + 1))) == NULL) {
- retval = ENOMEM;
free(pcred);
+ return ENOMEM;
}
memset(pcred->tickets, 0, sizeof(krb5_ticket *) * (ncred +1));
/*
* slave/kprop.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
free(data_ok_fn);
exit(1);
}
- free(data_ok_fn);
if (stbuf.st_mtime > stbuf_ok.st_mtime) {
com_err(progname, 0, "'%s' more recent than '%s'.",
data_fn, data_ok_fn);
exit(1);
}
+ free(data_ok_fn);
*size = stbuf.st_size;
return(fd);
}
projects / krb5.git / commitdiff