[PATCH 1/2] libads: Fix free of uninitialized pointer

Uri Simchoni urisimchoni at gmail.com
Fri May 1 15:35:27 MDT 2015


In ads_keytab_create_default(), if the keytab to be created cannot
be opened, the bail-out code calls smb_krb5_kt_free_entry() on
an uninitialized entry.

To reproduce:
1. Join a domain
2. KRB5_KTNAME=FILE:/non-existant-path/krb5.keytab net ads keytab create -P
---
 source3/libads/kerberos_keytab.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index bbd981c..ef6374a 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -520,6 +520,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	size_t i;
 	ADS_STATUS status;
 
+	ZERO_STRUCT(kt_entry);
+	ZERO_STRUCT(cursor);
+
 	frame = talloc_stackframe();
 	if (frame == NULL) {
 		ret = -1;
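Review bot: the two ZERO_STRUCT() calls now precede the frame == NULL check, the first early exit visible in this hunk, but nothing here records why they have to stay there. A short comment above them, saying that the bail-out code frees kt_entry and so it must be zeroed before any early exit, would stop a later tidy-up from moving them back down beside the memset() of princ_s. Zeroing both variables at their declarations would be an alternative that cannot be reordered.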
@@ -575,8 +578,6 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 #endif
 
 	memset(princ_s, '\0', sizeof(princ_s));
-	ZERO_STRUCT(kt_entry);
-	ZERO_STRUCT(cursor);
 
 	initialize_krb5_error_table();
 	ret = krb5_init_context(&context);
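Review bot: memset(princ_s, '\0', sizeof(princ_s)) stays at this late point while kt_entry and cursor move up, so princ_s is still uninitialized on every exit taken before this line. If the bail-out code reads princ_s it has the same problem this patch fixes and the memset() should move up with the ZERO_STRUCT() calls; if it does not, a sentence in the commit message saying so would make the asymmetry clearly intentional. The same check is worth doing for context, which these lines show being set only by krb5_init_context() after this point.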
-- 
1.9.1
