[krbdev.mit.edu #8726] Directly dereference the pointer certname which may be NULL in parse_fs_options()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8726] Directly dereference the pointer certname which may be NULL in parse_fs_options()

Greg Hudson via RT-2
"kinit -X X509_user_identity=, princname" also causes the null deref
if the KDC offers PKINIT.

There are some ancillary code hygiene issues here:

* On empty input, parse_fs_options() returns 0 without filling in
idopts->cert_filename and idopts->key_filename.  This is papered over
by checks in pkinit_get_certs_fs(), which will return
KRB5KDC_ERR_PREAUTH_FAILED if either field isn't filled in.

* If the second strdup() in parse_fs_options() fails, it returns
ENOMEM but does leave an allocated value in idopts->cert_filename.  
This could lead to a memory leak if a subsequent pkinit_identities
value is tried, but under most circumstances I think the allocated
value will be cleaned up during teardown.
_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs