[19723] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Patch 8/9: KerbSubmitTicket() should check malloc() return for NULL

daemon@ATHENA.MIT.EDU (Alexandr Nedvedicky)
Mon Feb 19 19:51:33 2018

Date: Tue, 20 Feb 2018 01:47:10 +0100
From: Alexandr Nedvedicky <alexandr.nedvedicky@oracle.com>
To: krbdev@mit.edu
Message-ID: <20180220004710.GA20217@tbd.cz.oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Hello,

I'm upgrading kerberos bundled with Solaris to krb5-1.16. Solaris currently
ships krb5-1.15.1. I've noticed there are some memory leaks, while running test
suite, which comes with krb-1.16 (e.g. running 'make check').  I don't think
those memory leaks are critical, though as kerberos newbie I can't be sure, so
I think I'm better to share my findings. All memory leaks were found using
'libumem', which can be found on Solaris (or its OSS sibbling illumos).
All patches are against krb5-1.16 release.

I have not seen such NULL-pointer dereference panic. I've just spot
this while I was browsing through code. Same goes to potential
memory leak on 'keyblock->contents == NULL'.

regards
sasha

--------8<---------------8<---------------8<------------------8<--------
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index c741a5099..c26975c65 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -765,9 +765,16 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
      * that an enctype other than NULL be used. */
     if (keyblock == NULL) {
         keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
+	if (keyblock == NULL) {
+		return FALSE;
+	}
         keyblock->enctype = ENCTYPE_ARCFOUR_HMAC;
         keyblock->length = 16;
         keyblock->contents = (krb5_octet *)malloc(16);
+	if (keyblock->contents == NULL) {
+		free(keyblock);
+		return FALSE;
+	}
         keyblock->contents[0] = 0xde;
         keyblock->contents[1] = 0xad;
         keyblock->contents[2] = 0xbe;
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post