mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

heimdal: Fix CID 240793 Uninitialized scalar variable

tmp.data is uninitialized in the fwrite call

Hopefully I don't create a problem here: If tmp.data is supposed to be randomly
set, I think the right fix would have been to explicitly call a random function
initializing it.

<jra@samba.org>
------------------------------------------------------------
I have looked through the code carefully. Your fix is safe.

The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).

Only subsequent data[16] values are checked with memcmp.
------------------------------------------------------------

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke 2015-05-03 09:29:51 +00:00 committed by Jeremy Allison
parent 3876e59826
commit 4ae2266015

@ -129,7 +129,7 @@ krb5_rc_initialize(krb5_context context,
krb5_deltat auth_lifespan)
{
FILE *f = fopen(id->name, "w");
struct rc_entry tmp;
struct rc_entry tmp = { .stamp = auth_lifespan };
int ret;
if(f == NULL) {
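Review bot: The designated initializer on `struct rc_entry tmp = { .stamp = auth_lifespan };` zeroes the other named members, but it is not a reliable guarantee for any padding bytes inside the struct, and the later `fwrite(&tmp, 1, sizeof(tmp), f);` writes the whole object to the replay file. If `struct rc_entry` can contain padding on any supported platform, a `memset(&tmp, 0, sizeof(tmp));` followed by the `tmp.stamp` assignment is the safer way to make sure no stack bytes reach the file. A short comment saying that the first entry only carries the lifespan and that its data field is deliberately zero would also save the next reader from repeating the analysis in the commit message.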
@ -139,7 +139,6 @@ krb5_rc_initialize(krb5_context context,
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
tmp.stamp = auth_lifespan;
fwrite(&tmp, 1, sizeof(tmp), f);
fclose(f);
return 0;
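Review bot: The results of `fwrite(&tmp, 1, sizeof(tmp), f);` and `fclose(f);` in the context lines are still ignored, so a short or failed write of the lifespan entry ends in `return 0;` and the caller sees a successfully initialized replay cache. Since this change already touches the write path, consider checking that fwrite returned sizeof(tmp) and that fclose returned 0, and reporting the error through krb5_set_error_message the same way the fopen failure branch above does.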