From: Tom Yu Date: Mon, 28 Sep 2009 20:44:20 +0000 (+0000) Subject: ------------------------------------------------------------------------ X-Git-Tag: krb5-1.7.1-beta1~40 X-Git-Url: http://git.tremily.us/gitweb.cgi?a=commitdiff_plain;h=cbcb4a5f87d97c7537279f61b8c5fdbdd1c32508;p=krb5.git ------------------------------------------------------------------------ r22409 | epeisach | 2009-06-09 22:55:22 -0400 (Tue, 09 Jun 2009) | 7 lines ticket: 6511 subject: krb5int_rd_chpw_rep could call krb5_free_error with random value clang picked up on a path in which krberror is not set and passed as an argument to krb5_free_error(). Essentially if the clearresult length < 2 but everything decodes - you can hit this path... ticket: 6511 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22798 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c index d0cadb4bb..9c3a95a8c 100644 --- a/src/lib/krb5/krb/chpw.c +++ b/src/lib/krb5/krb/chpw.c @@ -83,7 +83,7 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context, krb5_error_code ret; krb5_data cipherresult; krb5_data clearresult; - krb5_error *krberror; + krb5_error *krberror = NULL; krb5_replay_data replay; krb5_keyblock *tmp;
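Review bot: in the declaration block at `@@ -83,7 +83,7`, `krb5_keyblock *tmp;` and the two `krb5_data` locals (`cipherresult`, `clearresult`) are still declared without initializers next to the fixed `krb5_error *krberror = NULL;`. If any exit path frees or reads one of them before it is assigned, it has the same uninitialized-value problem clang reported for `krberror`. Consider initializing them in the same change (for example `krb5_keyblock *tmp = NULL;`), or confirm that each is assigned on every path before use. The fix also relies on `krb5_free_error()` accepting a NULL argument, which this hunk does not show; if it does not, guard the call with `if (krberror != NULL)`. Since the commit message gives the trigger as a clearresult length < 2 with everything else decoding, a short comment at the declaration or an explicit length check on that path would record why the initializer is needed.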