jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 05:27:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

STABLE14-windows-afskfw-bluescreen-20070418

Browse Source 
The afskfw library contains an unprotected call to krb5_free_context
which can result in krb5_free_context being called with a NULL pointer.
MIT's Kerberos libraries do not check that the pointer is non-NULL and
will attempt to use it as a valid pointer which will in turn result
in an invalid memory access error.

This library is used by afslogon.dll which is loaded by winlogon.exe.

If the krb5 profile is invalid, the krb5_init_context call will fail
to allocate a krb5_context structure which can then result in
krb5_free_context being called with a NULL pointer.

An unhandled exception within winlogon.exe will cause a blue screen event
on Windows 2000, XP and 2003.


(cherry picked from commit 85a23a70c783364e039f2a1b402ba718c1fc34a5)
This commit is contained in:
Jeffrey Altman 2007-04-18 16:58:22 +00:00
parent 2f1e319540
commit 20f2501322
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/WINNT/afsd/afskfw.c
View File

@ -1422,7 +1422,8 @@ KFW_AFS_destroy_tickets_for_cell(char * cell)
}
free(principals);
}
pkrb5_free_context(ctx);
if (ctx)
pkrb5_free_context(ctx);
return 0;
}
@ -1476,7 +1477,8 @@ KFW_AFS_destroy_tickets_for_principal(char * user)
free(cells);
}
pkrb5_free_context(ctx);
if (ctx)
pkrb5_free_context(ctx);
return 0;
}
@ -1700,7 +1702,8 @@ KFW_AFS_renew_token_for_cell(char * cell)
code = -1; // we did not renew the tokens
cleanup:
pkrb5_free_context(ctx);
if (ctx)
pkrb5_free_context(ctx);
return (code ? FALSE : TRUE);
}