On Mon, 2011-01-10 at 16:41 +0100, Jakub Hrozek wrote:
> Hopefully replying to the correct patch now..
>
> There's one more thing I haven't noticed before - please check
> the return value of strdup(); in the else branch.
Obviously, I missed that too. Should be fixed in attached patch.

Martin
>From e08eb6553b391632683922b5adbdbfd831a59439 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Mon, 10 Jan 2011 09:55:57 +0100 Subject: [PATCH] Uninitialized pointer read in ipa-rmkeytab Fix "--realm" parameter processing in ipa-rmkeytab. Also make sure that memory allocated in this process is also freed. https://fedorahosted.org/freeipa/ticket/711 --- ipa-client/ipa-rmkeytab.c | 19 ++++++++++++++----- 1 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ipa-client/ipa-rmkeytab.c b/ipa-client/ipa-rmkeytab.c index 0320045d00bb3e386883530b5e26babe1bffaacb..8afa9e1c4ea822554af436bf4644d717d922f56e 100644 --- a/ipa-client/ipa-rmkeytab.c +++ b/ipa-client/ipa-rmkeytab.c @@ -148,8 +148,8 @@ main(int argc, const char **argv) krb5_error_code krberr; krb5_keytab ktid; krb5_kt_cursor cursor; - char * ktname; - char * atrealm; + char * ktname = NULL; + char * atrealm = NULL; poptContext pc; static const char *keytab = NULL; static const char *principal = NULL; @@ -201,14 +201,20 @@ main(int argc, const char **argv) * the string we pass in looks like a realm. */ if (realm) { - if (realm[0] != '@') + if (realm[0] != '@') { ret = asprintf(&atrealm, "@%s", realm); if (ret == -1) { rval = 2; goto cleanup; } - else - atrealm = strcpy(atrealm, realm); + } else { + atrealm = strdup(realm); + + if (NULL == atrealm) { + rval = 2; + goto cleanup; + } + } } krberr = krb5_kt_resolve(context, ktname, &ktid); @@ -247,5 +253,8 @@ cleanup: poptFreeContext(pc); + free(atrealm); + free(ktname); + return rval; } -- 1.7.3.4
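Review bot: in the `realm[0] != '@'` branch of the second hunk (@@ -201,14), the `ret == -1` path now reaches a `cleanup` that calls `free(atrealm)`, but when asprintf() fails the contents of its output pointer are undefined according to the glibc documentation, so the `= NULL` initialisation from the first hunk does not make that free safe. Suggest adding `atrealm = NULL;` before the `goto cleanup` in that branch. The new strdup() branch is fine in this respect, since strdup() returns NULL on failure and free(NULL) is a no-op.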
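Review bot: the last hunk (@@ -247,5) adds `free(ktname)` in `cleanup`, but none of the visible hunks show where `ktname` is assigned; only its `= NULL` initialisation and its use in `krb5_kt_resolve(context, ktname, &ktid)` appear. Please confirm that every assignment to `ktname` is a heap allocation owned by main() and never an alias of the `static const char *keytab` option string, otherwise this free is invalid. It would also help to confirm that no `goto cleanup` can be taken before `pc` is set up, since `poptFreeContext(pc)` runs unconditionally just above the new lines.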
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel