diff options
author | Volker Lendecke <vl@samba.org> | 2015-05-03 09:29:51 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2015-05-07 20:20:19 +0200 |
commit | 4ae2266015e06dee5cd262d87b4895a73396b6b7 (patch) | |
tree | 093f0b1896c16525e1a5d201e5755f31f5f60ffd /source4/heimdal | |
parent | 3876e59826ad17466975ae9e9a65879c76737b2b (diff) | |
download | samba-4ae2266015e06dee5cd262d87b4895a73396b6b7.tar.gz |
heimdal: Fix CID 240793 Uninitialized scalar variable
tmp.data is uninitialized in the fwrite call
Hopefully I don't create a problem here: If tmp.data is supposed to be randomly
set, I think the right fix would have been to explicitly call a random function
initializing it.
<jra@samba.org>
------------------------------------------------------------
I have looked through the code carefully. Your fix is safe.
The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).
Only subsequent data[16] values are checked with memcmp.
------------------------------------------------------------
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/heimdal')
-rw-r--r-- | source4/heimdal/lib/krb5/replay.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index 965dd44437d..d85424db341 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -129,7 +129,7 @@ krb5_rc_initialize(krb5_context context, krb5_deltat auth_lifespan) { FILE *f = fopen(id->name, "w"); - struct rc_entry tmp; + struct rc_entry tmp = { .stamp = auth_lifespan }; int ret; if(f == NULL) { @@ -139,7 +139,6 @@ krb5_rc_initialize(krb5_context context, krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } - tmp.stamp = auth_lifespan; fwrite(&tmp, 1, sizeof(tmp), f); fclose(f); return 0; |