[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bugfix] uninitialized pointer dereference in rd_cred.c
On Thu, Apr 19, 2001 at 06:14:41PM +0200, Johan Danielsson wrote:
> "Jacques A. Vidrine" <n@nectar.com> writes:
>
> > Noticed in a case where I should have gotten ``Read forwarded creds
> > failed: Incorrect net address,'' but instead a got a segfault.
>
> Where did the segfault occur?
At line 228:
225 out:
226 free_KRB_CRED (&cred);
227 if(*ret_creds) {
228 for(i = 0; (*ret_creds)[i]; i++)
229 krb5_free_creds(context, (*ret_creds)[i]);
230 free(*ret_creds);
231 }
232 return ret;
233 }
At that point, ret_creds is a pointer to a (likely) uninitialized
pointer passed in by the caller.
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org