[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: [krbdev.mit.edu #7866] improper malloc() handling in process_chpw_request()
From: "Will Fiveash via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2014-02-20 19:17:12
Message-ID: rt-7866-40422.19.0290614780579 () krbdev ! mit ! edu
[Download RAW message or body]
In src/kadmin/server/schpw.c:process_chpw_request()):
chpwfail:
clear.length = 2 + strlen(strresult);
clear.data = (char *) malloc(clear.length);
ptr = clear.data;
*ptr++ = (numresult>>8) & 0xff;
If malloc() fails *ptr++ will be a NULL pointer deref.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic