[krbdev.mit.edu #8727] Directly dereference the pointer svalue which may be NULL in kadm5_get_config_params()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8727] Directly dereference the pointer svalue which may be NULL in kadm5_get_config_params()

Greg Hudson via RT-2
Hi Team,

In kadm5_get_config_params() of krb5-1.16.1/src/lib/kadm5/alt_prof.c,
After calling strdup() to assign pointer svalue,
we directly dereference it without checking if it is valid.

We should add pointer validity checking for svalue after assigning.

Could someone help to take a look?

Thanks,
Bean

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs