From: Tom Yu
Date: Tue, 18 Jan 2005 17:57:32 +0000 (+0000)
Subject: pullup from trunk
X-Git-Tag: krb5-1.4.3-beta1~98
X-Git-Url: http://git.tremily.us/gitweb.cgi?a=commitdiff_plain;h=0233075edc0c6284c1e61ab8d20ad5ab67f4f98a;p=krb5.git
pullup from trunk
ticket: 2887
version_fixed: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@17057 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index bcd2531c5..4280ec761 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,8 @@
+2005-01-17 Jeffrey Altman
+ * unparse.c: krb5_unparse_name, krb5_unparse_name_ext()
+ prevent null pointer dereferencing if either 'name' or 'size'
+ are NULL.
+
 2005-01-15 Jeffrey Altman
 * cp_key_cnt.c, copy_princ.c:
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c
index 6f1a3c9e8..badb5bf97 100644
--- a/src/lib/krb5/krb/unparse.c
+++ b/src/lib/krb5/krb/unparse.c
@@ -26,7 +26,7 @@
 *
 * krb5_unparse_name() routine
 *
- * Rewritten by Theodore Ts'o to propoerly unparse principal names
+ * Rewritten by Theodore Ts'o to properly unparse principal names
 * which have the component or realm separator as part of one of their
 * components.
 */
@@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_int32 nelem;
 register unsigned int totalsize = 0;
- if (!principal)
+ if (!principal || !name)
 return KRB5_PARSE_MALFORMED;
 cp = krb5_princ_realm(context, principal)->data;
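Review bot: The new `!name` case in krb5_unparse_name_ext returns `KRB5_PARSE_MALFORMED`, the same code as a NULL principal, so a caller that passes a NULL output pointer gets an error that reads as bad principal data rather than API misuse. If a more specific code such as `EINVAL` is not acceptable to existing callers, a comment on the check like `/* name is a required output pointer; size may be NULL */` would record the contract that the krb5_unparse_name change later in this patch depends on. The function body continues outside this hunk.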
@@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 * We need only n-1 seperators for n components, but we need
 * an extra byte for the NULL at the end.
 */
- if (*name) {
- if (*size < (totalsize)) {
- *size = totalsize;
- *name = realloc(*name, totalsize);
- }
- } else {
- *name = malloc(totalsize);
- if (size)
- *size = totalsize;
- }
-
+ if (size) {
+ if (*name && (*size < totalsize)) {
+ *name = realloc(*name, totalsize);
+ } else {
+ *name = malloc(totalsize);
+ }
+ *size = totalsize;
+ } else {
+ *name = malloc(totalsize);
+ }
+
 if (!*name)
 return ENOMEM;
@@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
 {
- *name = NULL;
+ if (name) /* name == NULL will return error from _ext */
+ *name = NULL;
 return(krb5_unparse_name_ext(context, principal, name, NULL));
 }
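Review bot: In the rewritten allocation block, a caller that passes a non-NULL `*name` with `*size >= totalsize` now falls into the inner `else`, so `*name` is overwritten by a fresh `malloc()` and the caller's buffer is leaked; the removed code kept the buffer in that case. `*name = realloc(*name, totalsize)` also drops the old pointer when realloc fails, and `*size = totalsize` is stored before the `if (!*name)` check, so on ENOMEM the caller is left with a NULL buffer and a non-zero size. For a long-running service that reuses one buffer across calls (whether any caller does is not visible here) the first case is a steady leak. The fence below keeps a large-enough buffer, grows through a temporary, and updates `*size` only after the allocation succeeds; the enclosing function starts and ends outside the hunk.

```c
    if (size && *name) {
        /* Caller supplied a buffer: grow it only when it is too small. */
        if (*size < totalsize) {
            char *tmp = realloc(*name, totalsize);
            if (!tmp)
                return ENOMEM;  /* *name and *size still describe the old buffer */
            *name = tmp;
            *size = totalsize;
        }
    } else {
        *name = malloc(totalsize);
        if (*name && size)
            *size = totalsize;
    }
    /* … unchanged: if (!*name) return ENOMEM; … */
```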