41bc7a0e62
DES string2key not working (#679012) - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (CVE-2011-0284, #674325)
14 lines
544 B
Plaintext
14 lines
544 B
Plaintext
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
|
|
index 46b5fa1..464cb6e 100644
|
|
--- a/src/kdc/do_as_req.c
|
|
+++ b/src/kdc/do_as_req.c
|
|
@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
|
|
pad->contents = td[size]->data;
|
|
pad->length = td[size]->length;
|
|
pa[size] = pad;
|
|
+ td[size]->data = NULL;
|
|
+ td[size]->length = 0;
|
|
}
|
|
krb5_free_typed_data(kdc_context, td);
|
|
}
|