oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

heimdal: Fix CID 240779 Allocation size mismatch

Browse Source 
(rebased on current Heimdal by abartlet)

The error Coverity complains about is in the malloc. krb5_enctypes is
an enum, so it is usually smaller than the size of a pointer. So we
overallocate, but in the memcpy further down we copy from potentially
invalid memory.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104
This commit is contained in:
Volker Lendecke
2013-11-12 22:00:54 +01:00
committed by Nicolas Williams
parent 2aca5c4fae
commit 56bcd356d8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/context.c
View File

@@ -495,10 +495,10 @@ copy_etypes (krb5_context context,
;
i++;
*ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i);
*ret_enctypes = malloc(sizeof(enctypes[0]) * i);
if (*ret_enctypes == NULL)
return krb5_enomem(context);
memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i);
memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * i);
return 0;
}