heimdal: Fix CID 745516 Use after free
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Nov 14 09:11:10 MST 2013
On Thu, Nov 14, 2013 at 05:09:56PM +0100, Volker Lendecke wrote:
> Hi!
>
> Please review & push!
Gna, forgot the signed-off thingy. New patch attached.
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 3bfbfb9fd0bfa486f48415141c63a7d40ca285df Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 11 Nov 2013 10:21:54 +0000
Subject: [PATCH] heimdal: Fix CID 745516 Use after free
If the loop is exited normally, i.e. we did not find anything proper
within DH_NUM_TRIES, we try to BN_free a second time.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/heimdal/lib/hcrypto/dh-ltm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c
index 6af43cf..f4e0313 100644
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -108,8 +108,10 @@ ltm_dh_generate_key(DH *dh)
return 0;
}
}
- if (dh->pub_key)
+ if (dh->pub_key) {
BN_free(dh->pub_key);
+ dh->pub_key = NULL;
+ }
mp_init_multi(&pub, &priv_key, &g, &p, NULL);
--
1.7.9.5
More information about the samba-technical
mailing list