[Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

Simo Sorce simo at redhat.com
Wed Feb 19 13:27:10 UTC 2014


On Wed, 2014-02-19 at 15:24 +0200, Alexander Bokovoy wrote:
> On Wed, 19 Feb 2014, Simo Sorce wrote:
> >On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:
> >> diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
> >> index
> >> 934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c92dddd6cb765b435c0fbdfac 100644
> >> --- a/util/ipa_krb5.c
> >> +++ b/util/ipa_krb5.c
> >> @@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys,
> >> int num_keys)
> >>  {
> >>      int i;
> >>
> >> +    if (keys == NULL)
> >> +        return;
> >> +
> >>      for (i = 0; i < num_keys; i++) {
> >>          /* try to wipe key from memory,
> >>           * hopefully the compiler will not optimize it away */
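Review bot: the early return on `keys == NULL` at the top of ipa_krb5_free_key_data() accepts a NULL array regardless of what num_keys says, and nothing in the hunk documents which contract is intended. If NULL is meant to be a valid no-op argument, in the way free(NULL) is, a one-line comment above the check should say so. If NULL together with a non-zero num_keys can only come from inconsistent caller state, the silent return hides that state from the caller, so consider reporting it (for instance by checking `num_keys != 0` in the same branch) before returning.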
> >> --
> >
> >This part is useless and can be dropped.
> If ever num_key is not 0 and yet keys == NULL, we'll get a crash in the
> line
> 
>     if (keys[i].key_data_length[0]) {
> 
> because there are no checks at all before that.

If num_keys does not reflect the number of keys in the structure at all
times you have bigger problems.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



