735b73ebbb
- pull in fix from master to return a NULL pointer rather than allocating zero bytes of memory if we read a zero-length input token (RT#7794, part of #1043962)
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
commit 13fd26e1863c79f616653f6a10a58c01f65fceff
|
|
Author: Greg Hudson <ghudson@mit.edu>
|
|
Date: Fri Dec 6 18:56:56 2013 -0500
|
|
|
|
Avoid malloc(0) in SPNEGO get_input_token
|
|
|
|
If we read a zero-length token in spnego_mech.c's get_input_token(),
|
|
set the value pointer to NULL instead of calling malloc(0).
|
|
|
|
ticket: 7794 (new)
|
|
|
|
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
|
index 24c3440..3937662 100644
|
|
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
|
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
|
@@ -3140,14 +3140,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
|
|
return (NULL);
|
|
|
|
input_token->length = len;
|
|
- input_token->value = gssalloc_malloc(input_token->length);
|
|
+ if (input_token->length > 0) {
|
|
+ input_token->value = gssalloc_malloc(input_token->length);
|
|
+ if (input_token->value == NULL) {
|
|
+ free(input_token);
|
|
+ return (NULL);
|
|
+ }
|
|
|
|
- if (input_token->value == NULL) {
|
|
- free(input_token);
|
|
- return (NULL);
|
|
+ memcpy(input_token->value, *buff_in, input_token->length);
|
|
+ } else {
|
|
+ input_token->value = NULL;
|
|
}
|
|
-
|
|
- (void) memcpy(input_token->value, *buff_in, input_token->length);
|
|
*buff_in += input_token->length;
|
|
return (input_token);
|
|
}
|