[Freeipa-devel] [PATCH] 0023 Bug in the ipapwd plugin

Martin Basti mbasti at redhat.com
Tue Jul 19 11:19:35 UTC 2016 


On 19.07.2016 12:21, Simo Sorce wrote:
> On Tue, 2016-07-19 at 10:17 +0200, thierry bordaz wrote:
>>
>> On 07/13/2016 10:02 PM, Lukas Slebodnik wrote:
>>> On (13/07/16 16:50), thierry bordaz wrote:
>>>> https://fedorahosted.org/freeipa/ticket/6030
>>>> >From 4efedc5e674db92f9f7c160429df543422ed8afb Mon Sep 17 00:00:00
>> 2001
>>>> From: Thierry Bordaz <tbordaz at redhat.com>
>>>> Date: Wed, 13 Jul 2016 15:34:20 +0200
>>>> Subject: [PATCH] Ticket 6030 Bug in the ipapwd plugin
>>>>
>>>> ipapwd_encrypt_encode_key allocates 'kset' on the heap but
>>>> with num_keys and keys not being initialized.
>>>> Then ipa_krb5_generate_key_data initializes them with the
>>>> generated keys.
>>>> If ipa_krb5_generate_key_data fails (here EINVAL meaning no
>>>> principal->realm.data), num_keys and keys are left uninitialized.
>>>> Upon failure, ipapwd_keyset_free is called to free 'kset'
>>>> that contains random num_keys and keys.
>>>>
>>>> allocates kset with calloc so that kset->num_keys==0 and
>>>> kset->keys==NULL
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/6030
>>>> ---
>>>> daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
>> b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
>>>> index 5ca155d..46bf79a 100644
>>>> --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
>>>> +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
>>>> @@ -148,7 +148,7 @@ Slapi_Value **ipapwd_encrypt_encode_key(struct
>> ipapwd_krbcfg *krbcfg,
>>>>            pwd.length = strlen(data->password);
>>>>        }
>>>>
>>>> -    kset = malloc(sizeof(struct ipapwd_keyset));
>>>> +    kset = calloc(sizeof(struct ipapwd_keyset));
>>> I though that calloc need two arguments
>>>
>>> man malloc says:
>>>           void *malloc(size_t size);
>>>           void *calloc(size_t nmemb, size_t size);
>>>
>>> LS
>> Oppss,  sorry for this dummy patch. Here is the right one
> ACK,
> Simo.
>
Pushed to master: b04f617803c430b13f8796e911f78bd65f6cf55f

More information about the Freeipa-devel mailing list