[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

0.2q kdc bug found

To: heimdal-discuss@sics.se
Subject: 0.2q kdc bug found
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Date: Mon, 27 Mar 2000 14:29:00 -0500
Sender: owner-heimdal-discuss@sics.se

Observe, please, in connect.c:

	static void
	init_descr(struct descr *d)
	{
	    memset(d, 0, sizeof(*d));
	    d->sa = (struct sockaddr *)&d->__ss;
	    d->s = -1;
	}

	/* ... */


	static int
	init_sockets(struct descr **desc)
	{
	     krb5_error_code ret;
	     int i, j;
	     struct descr *d;
	
	     /* ... */
	     d = malloc(addresses.len * num_ports * sizeof(*d));
	     /* ... code which ultimately invokes init_descr() on each
	     element ... */
	     d = realloc(d, num * sizeof(*d));
	     if (d == NULL && num != 0)
	         krb5_errx(context, 1, "realloc(%u) failed", num *
	         sizeof(*d)); *desc = d;
	     return num;
	}

d->sa in each entry points into the wrong memory block after the realloc(), 
if realloc() decides to return a different memory block (which it 
apparently does on Solaris).

-- 
brandon s. allbery     [os/2][linux][solaris][japh]    allbery@kf8nh.apk.net
system administrator        [WAY too many hats]          allbery@ece.cmu.edu
electrical and computer engineering                                    KF8NH
carnegie mellon university      ["better check the oblivious first" -ke6sls]

Follow-Ups:
- Re: 0.2q kdc bug found
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: KDC core dumping on Solaris 7
Next by Date: Documentation about how to install and configure heimdal
Prev by thread: Re: KDC core dumping on Solaris 7
Next by thread: Re: 0.2q kdc bug found
Index(es):
- Date
- Thread