kerberosV: memdup bug
- To: bugs_(_at_)_openbsd_(_dot_)_org
- Subject: kerberosV: memdup bug
- From: Alexey Dobriyan <adobriyan_(_at_)_gmail_(_dot_)_com>
- Date: Mon, 13 Mar 2006 00:29:34 +0300
->components is unsigned int, so patch #1
Index: kerberosV/src/lib/asn1/der_copy.c
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der_copy.c,v
retrieving revision 1.3
diff -u -p -r1.3 der_copy.c
--- kerberosV/src/lib/asn1/der_copy.c 2003/05/11 03:40:00 1.3
+++ kerberosV/src/lib/asn1/der_copy.c 2006/03/12 21:11:59
@@ -62,6 +62,6 @@ copy_oid (const oid *from, oid *to)
to->components = malloc(to->length * sizeof(*to->components));
if (to->length != 0 && to->components == NULL)
return ENOMEM;
- memcpy(to->components, from->components, to->length);
+ memcpy(to->components, from->components, to->length * sizeof(*to->components));
return 0;
}
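Review bot: The byte count `to->length * sizeof(*to->components)` is now written out twice, in the malloc() call and in the corrected memcpy(), and neither use checks the multiplication for wrap-around; if the length can ever come from a decoded, untrusted OID, a wrapped product would yield an allocation smaller than `to->length` elements. Allocating with `to->components = calloc(to->length, sizeof(*to->components));` lets the allocator reject an overflowing product (assuming the platform's calloc checks for it), and the existing NULL test then returns ENOMEM. Separately, when the length is 0 and the allocator returns NULL, memcpy() is still called with a NULL destination, which the C standard leaves undefined even for a zero size; `if (to->length == 0) return 0;` before the copy avoids that. The opening lines of copy_oid are outside this hunk, so how `to->length` is set is inferred from the copy of the function removed in patch #2.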
OTOH, copy_oid() is unused, so patch #2
Index: kerberosV//src/lib/asn1/der.h
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der.h,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 der.h
--- kerberosV//src/lib/asn1/der.h 2003/05/11 02:15:36 1.1.1.2
+++ kerberosV//src/lib/asn1/der.h 2006/03/12 21:14:07
@@ -145,7 +145,6 @@ size_t length_generalized_time (const ti
int copy_general_string (const general_string *from, general_string *to);
int copy_octet_string (const octet_string *from, octet_string *to);
-int copy_oid (const oid *from, oid *to);
int fix_dce(size_t reallen, size_t *len);
Index: kerberosV//src/lib/asn1/der_copy.c
===================================================================
RCS file: /cvs/src/kerberosV/src/lib/asn1/der_copy.c,v
retrieving revision 1.3
diff -u -p -r1.3 der_copy.c
--- kerberosV//src/lib/asn1/der_copy.c 2003/05/11 03:40:00 1.3
+++ kerberosV//src/lib/asn1/der_copy.c 2006/03/12 21:14:07
@@ -54,14 +54,3 @@ copy_octet_string (const octet_string *f
memcpy(to->data, from->data, to->length);
return 0;
}
-
-int
-copy_oid (const oid *from, oid *to)
-{
- to->length = from->length;
- to->components = malloc(to->length * sizeof(*to->components));
- if (to->length != 0 && to->components == NULL)
- return ENOMEM;
- memcpy(to->components, from->components, to->length);
- return 0;
-}