heimdal: Fix CID 745516 Use after free

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Nov 14 09:11:10 MST 2013


On Thu, Nov 14, 2013 at 05:09:56PM +0100, Volker Lendecke wrote:
> Hi!
> 
> Please review & push!

Gna, forgot the signed-off thingy. New patch attached.

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 3bfbfb9fd0bfa486f48415141c63a7d40ca285df Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 11 Nov 2013 10:21:54 +0000
Subject: [PATCH] heimdal: Fix CID 745516 Use after free

If the loop is exited normally, i.e. we did not find anything proper
within DH_NUM_TRIES, we try to BN_free a second time.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/heimdal/lib/hcrypto/dh-ltm.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c
index 6af43cf..f4e0313 100644
--- a/source4/heimdal/lib/hcrypto/dh-ltm.c
+++ b/source4/heimdal/lib/hcrypto/dh-ltm.c
@@ -108,8 +108,10 @@ ltm_dh_generate_key(DH *dh)
 		return 0;
 	    }
 	}
-	if (dh->pub_key)
+	if (dh->pub_key) {
 	    BN_free(dh->pub_key);
+	    dh->pub_key = NULL;
+	}
 
 	mp_init_multi(&pub, &priv_key, &g, &p, NULL);
 
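Review bot: The `dh->pub_key = NULL;` added after `BN_free(dh->pub_key);` clears the stale pointer at this site, but the commit message should say where the second `BN_free` happens, since that code is not in the hunk and a reader cannot confirm from the diff alone that this is the only path leaving `dh->pub_key` dangling. It would help to name the later free (the one reached when nothing proper is found within DH_NUM_TRIES) in the message. The subject also calls this a use after free while the body describes a second `BN_free`, i.e. a double free. Keeping the Coverity title is fine, but a word in the body that the use in question is the repeated free would remove the ambiguity.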
-- 
1.7.9.5


