diff options
| author | bugbomb <none@none> | 2005-06-29 18:11:18 -0700 |
|---|---|---|
| committer | bugbomb <none@none> | 2005-06-29 18:11:18 -0700 |
| commit | 6cf54e3429e9e407238b294191931f62ddfa1aa9 (patch) | |
| tree | fa828092ed7410e9077c77c0aff5db3fdc05dcc7 /usr/src/cmd/krb5 | |
| parent | 35b145352923828ff6a30fd0dcc8fb5e2ffef483 (diff) | |
| download | illumos-joyent-6cf54e3429e9e407238b294191931f62ddfa1aa9.tar.gz | |
6261685 Security : buffer overflow, heap corruption in KDC
Diffstat (limited to 'usr/src/cmd/krb5')
| -rw-r--r-- | usr/src/cmd/krb5/krb5kdc/do_as_req.c | 6 | ||||
| -rw-r--r-- | usr/src/cmd/krb5/krb5kdc/do_tgs_req.c | 6 | ||||
| -rw-r--r-- | usr/src/cmd/krb5/krb5kdc/network.c | 5 |
3 files changed, 13 insertions, 4 deletions
diff --git a/usr/src/cmd/krb5/krb5kdc/do_as_req.c b/usr/src/cmd/krb5/krb5kdc/do_as_req.c index f97a250914..576d3643d8 100644 --- a/usr/src/cmd/krb5/krb5kdc/do_as_req.c +++ b/usr/src/cmd/krb5/krb5kdc/do_as_req.c @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -553,6 +553,10 @@ krb5_data **response; retval = krb5_mk_error(kdc_context, &errpkt, scratch); free(errpkt.text.data); + if (retval) + free(scratch); + else *response = scratch; + return retval; } diff --git a/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c b/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c index e6058b41f6..ad531d1468 100644 --- a/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c +++ b/usr/src/cmd/krb5/krb5kdc/do_tgs_req.c @@ -1,5 +1,5 @@ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -740,7 +740,11 @@ krb5_data **response; retval = krb5_mk_error(kdc_context, &errpkt, scratch); free(errpkt.text.data); + if (retval) + free(scratch); + else *response = scratch; + return retval; } diff --git a/usr/src/cmd/krb5/krb5kdc/network.c b/usr/src/cmd/krb5/krb5kdc/network.c index 8a93019982..ffa738b800 100644 --- a/usr/src/cmd/krb5/krb5kdc/network.c +++ b/usr/src/cmd/krb5/krb5kdc/network.c @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -732,7 +732,8 @@ static void process_packet(struct connection *conn, const char *prog, krb5_data *response; char pktbuf[MAX_DGRAM_SIZE]; int port_fd = conn->fd; - + + response = NULL; saddr_len = sizeof(saddr); cc = recvfrom(port_fd, pktbuf, sizeof(pktbuf), 0, (struct sockaddr *)&saddr, &saddr_len); |