[krbdev.mit.edu #8740] Null pointer deference in function CLeashApp :: GetProfileFile in src/windows/leash/Leash.cpp

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8740] Null pointer deference in function CLeashApp :: GetProfileFile in src/windows/leash/Leash.cpp

Greg Hudson via RT-2
Hi,

There is a null pointer deference in function
CLeashApp::GetProfileFile() in Leash.cpp.

1017 BOOL
1018 CLeashApp::GetProfileFile(
1019     LPSTR confname,
1020     UINT szConfname
1021     )
1022 {
1023     char **configFile = NULL;
1024     if (!m_hKrb5DLL)
1025         return NULL;
1026
1027     if (pkrb5_get_default_config_files(&configFile))
1028     {
1029         GetWindowsDirectory(confname,szConfname);
1030         confname[szConfname-1] = '\0';
1031 strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
1032         confname[szConfname-1] = '\0';
1033         return FALSE;
1034     }
1035
1036     *confname = 0;
1037
1038     if (configFile)
1039     {
1040         strncpy(confname, *configFile, szConfname);
1041         confname[szConfname-1] = '\0';
1042         pkrb5_free_config_files(configFile);
1043     }
1044
1045     if (!*confname)
1046     {
1047         GetWindowsDirectory(confname,szConfname);
1048         confname[szConfname-1] = '\0';
1049 strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
1050         confname[szConfname-1] = '\0';
1051     }
1052
1053     return FALSE;
1054 }

if krb5_get_default_config_files() returns success and an empty list,
then GetProfileFile () will attempt to dereference a null pointer. check
for the empty list and treat it as failure.

Below is the proposal patch for function CLeashApp::GetProfileFile().

-        if (pkrb5_get_default_config_files(&configFile))
+        if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
 Â Â Â Â Â Â Â Â  {
 Â Â Â Â Â Â Â Â Â Â Â Â  GetWindowsDirectory(confname,szConfname);
 Â Â Â Â Â Â Â Â Â Â Â Â  confname[szConfname-1] = '\0';

Young



_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs