[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug] invalid mem access in lib/gssapi/client.c
From: |
Simon Josefsson |
Subject: |
Re: [Bug] invalid mem access in lib/gssapi/client.c |
Date: |
Mon, 13 Jun 2022 07:54:27 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
tbc TobeContinued <tbc.dengwenqi@gmail.com> writes:
> Hi, all
> I found an invalid mem access bug in lib/gssapi/client.c. Herer is the
> patch. Hope it helpful for the project.
Thank you, and sorry for the delay in answering this. May I ask how you
found this? GSSAPI data encode/decode functionality is rarely used and
sometimes having this enabled may suggest there is a bug or suboptimal
behaviour elsewhere. Is some real-world application triggering this, or
can you give any more information on how you discovered it?
Anyway, I have fixed it now, here:
https://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=f95d18eeb0713df45f9a78ec837e4c1603ceffcf
/Simon
> diff --git a/lib/gssapi/client.c b/lib/gssapi/client.c
> index f46d65ac..cd4ccc01 100644
> --- a/lib/gssapi/client.c
> +++ b/lib/gssapi/client.c
> @@ -299,7 +299,7 @@ _gsasl_gssapi_client_encode (Gsasl_session * sctx,
> if (GSS_ERROR (maj_stat))
> return GSASL_GSSAPI_WRAP_ERROR;
> *output_len = output_message_buffer.length;
> - *output = malloc (input_len);
> + *output = malloc (output_message_buffer.length);
> if (!*output)
> {
> maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);
> @@ -352,7 +352,7 @@ _gsasl_gssapi_client_decode (Gsasl_session * sctx,
> if (GSS_ERROR (maj_stat))
> return GSASL_GSSAPI_UNWRAP_ERROR;
> *output_len = output_message_buffer.length;
> - *output = malloc (input_len);
> + *output = malloc (output_message_buffer.length);
> if (!*output)
> {
> maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);
>
>
> Best regards,
> Deng, Wenqi
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Bug] invalid mem access in lib/gssapi/client.c,
Simon Josefsson <=