kadmin: kadmind_dispatch do not write NULL 'rsp' to 'out'

1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmind_dispatch() such that
it unconditionally called

      krb5_storage_to_data(rsp, out);

That change was unsafe because krb5_unparse_name_fixed() failure
would skip the allocation of the 'rsp' and 'sp' krb5_storage
objects.

This change allocates the krb5_storage objects prior to performing
any work.  If either of them fails, kadmind_dispatch() immediately
returns ENOMEM.

Change-Id: I14fd96afe029a4e74bb769605286ca0e17d25043
Jeffrey Altman
2022-01-21 09:16:35 -05:00
parent 251cbf05c2
commit 124b8d0f78


@@ -59,22 +59,25 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
char **princs;
int n_princs;
int keys_ok = 0;
krb5_storage *rsp = NULL; /* response goes here */
krb5_storage *sp = NULL;
krb5_storage *rsp; /* response goes here */
krb5_storage *sp;
int len;
memset(&ent, 0, sizeof(ent));
memset(&ent_prev, 0, sizeof(ent_prev));
krb5_data_zero(out);
ret = krb5_unparse_name_fixed(contextp->context, contextp->caller,
client, sizeof(client));
if (ret == 0) {
rsp = krb5_storage_emem();
sp = krb5_storage_from_data(in);
if (rsp == NULL || sp == NULL)
ret = krb5_enomem(contextp->context);
rsp = krb5_storage_emem();
if (rsp == NULL)
return krb5_enomem(contextp->context);
sp = krb5_storage_from_data(in);
if (sp == NULL) {
krb5_storage_free(rsp);
return krb5_enomem(contextp->context);
}
ret = krb5_unparse_name_fixed(contextp->context, contextp->caller,
if (ret == 0)
ret = krb5_ret_int32(sp, &cmd);
if (ret)