Date:      Fri, 7 Dec 2001 17:07:03 -0500 (EST)
From:      "Alexander N. Kabaev" <ak03@gte.com>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        assar@freebsd.org
Subject:   bin/32591: The memory block doubly freed in Heimdal Kerberos5
Message-ID:  <200112072207.fB7M73S67160@h132-197-179-27.gte.com>


>Number:         32591
>Category:       bin
>Synopsis:       The memory block doubly freed in Heimdal Kerberos5
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 07 14:30:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Alexander N. Kabaev
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD kanpc.gte.com 5.0-CURRENT FreeBSD 5.0-CURRENT #10: Wed Dec 5 13:23:00 EST 2001 root@kanpc.gte.com:/usr/src/sys/i386/compile/KANPC i386

>Description:
	The /usr/src/crypto/heimdal/lib/krb5/keytab_any.c file contains the
	following code in function any_start_seq_get:
>How-To-Repeat:
	N/A
>Fix:

Index: /usr/src/crypto/heimdal/lib/krb5/keytab_any.c
===================================================================
RCS file: /usr/ncvs/src/crypto/heimdal/lib/krb5/keytab_any.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 keytab_any.c
--- /usr/src/crypto/heimdal/lib/krb5/keytab_any.c	21 Jun 2001 02:11:33 -0000	1.1.1.1
+++ /usr/src/crypto/heimdal/lib/krb5/keytab_any.c	7 Dec 2001 21:51:38 -0000
@@ -139,7 +139,6 @@
     ed->a = a;
     ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
     if (ret) {
-	free (ed);
 	free (c->data);
 	c->data = NULL;
 	krb5_set_error_string (context, "malloc: out of memory");
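Review bot: the last context line still sets "malloc: out of memory" inside the if (ret) branch, where ret comes from krb5_kt_start_seq_get rather than from an allocation, so the message misreports the cause. Consider replacing it with text that names the failed sequence start, or dropping it so that any error the callee reported is not overwritten. Removing free (ed) is the right half to drop: releasing through c->data and then setting c->data = NULL also clears the pointer the cursor keeps. ed itself is left dangling after this branch, so the code that follows should return without touching it.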
	


>Release-Note:
>Audit-Trail:
>Unformatted:
 >>>>>>>>>>
     ed = (struct any_cursor_extra_data *)c->data;
     ed->a = a;
     ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
     if (ret) {
 	free (ed);
         free (c->data);
         c->data = NULL;
 <<<<<<<<<<
 
 	The free(ed) statement is bogus, because in this case 
 	c->data == ed, and it is not a very good idea to free
 	the same memory block twice.
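
The aliasing described above, as an added C illustration (not Heimdal code and not part of the original message). struct extra, struct cursor, inner_start(), tracked_free() and tracker_reset() are hypothetical stand-ins; tracked_free() counts a repeated release instead of performing it, so the faulty path can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
struct extra  { int cursor; };   /* hypothetical: plays any_cursor_extra_data */
struct cursor { void *data; };   /* hypothetical: plays the keytab cursor */
static void  *released[4];       /* blocks handed to tracked_free() */
static size_t nreleased;
static int    double_frees;

/* Stand-in for free(): counts a repeated release instead of performing it.
 * The real free() is deferred to tracker_reset() so pointers stay valid. */
static void tracked_free(void *p)
{
    for (size_t i = 0; i < nreleased; i++)
        if (released[i] == p) { double_frees++; return; }
    if (p != NULL && nreleased < 4)
        released[nreleased++] = p;
}

static void tracker_reset(void)
{
    while (nreleased > 0)
        free(released[--nreleased]);
    double_frees = 0;
}

/* Constructed failure so the cleanup branch always runs. */
static int inner_start(int *cursor) { *cursor = 0; return -1; }

/* Returns how many double frees the error path attempted. */
static int start_seq(struct cursor *c, int free_alias_too)
{
    struct extra *ed;
    tracker_reset();
    if ((c->data = malloc(sizeof *ed)) == NULL)
        return -1;
    ed = c->data;                /* same aliasing as in the report */
    if (inner_start(&ed->cursor) != 0) {
        if (free_alias_too)
            tracked_free(ed);    /* the line the patch removes */
        tracked_free(c->data);
        c->data = NULL;
    }
    return double_frees;
}

int main(void)
{
    struct cursor c;
    printf("reported=%d patched=%d\n", start_seq(&c, 1), start_seq(&c, 0));
    tracker_reset();
    return 0;
}
```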
    	
