diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-10-12 13:57:42 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-10-25 10:31:34 +0000 |
commit | ad9d1690ed51d73fbfb7dcb07c6ecb7750cab290 (patch) | |
tree | 744217884c33373fb90ce9feb73d90d3d5b3956b /third_party | |
parent | dffc997adaccaa0980911b62473470cb80969700 (diff) | |
download | samba-ad9d1690ed51d73fbfb7dcb07c6ecb7750cab290.tar.gz |
CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/heimdal/lib/gssapi/krb5/unwrap.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/third_party/heimdal/lib/gssapi/krb5/unwrap.c b/third_party/heimdal/lib/gssapi/krb5/unwrap.c index e36491b6f94..61ca29156a1 100644 --- a/third_party/heimdal/lib/gssapi/krb5/unwrap.c +++ b/third_party/heimdal/lib/gssapi/krb5/unwrap.c @@ -183,9 +183,10 @@ unwrap_des output_message_buffer->value = malloc(output_message_buffer->length); if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 24, - output_message_buffer->length); + if (output_message_buffer->value != NULL) + memcpy (output_message_buffer->value, + p + 24, + output_message_buffer->length); return GSS_S_COMPLETE; } #endif @@ -377,9 +378,10 @@ unwrap_des3 output_message_buffer->value = malloc(output_message_buffer->length); if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 36, - output_message_buffer->length); + if (output_message_buffer->value != NULL) + memcpy (output_message_buffer->value, + p + 36, + output_message_buffer->length); return GSS_S_COMPLETE; } |