mirror of
https://github.com/samba-team/samba.git
synced 2025-03-12 20:58:37 +03:00
CVE-2022-3437 source4/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton
Jule Anger
parent
5f6dbf2ab2
commit
9f6f1e01ac
@ -180,9 +180,10 @@ unwrap_des
|
||||
output_message_buffer->value = malloc(output_message_buffer->length);
|
||||
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 24,
|
||||
output_message_buffer->length);
|
||||
if (output_message_buffer->value != NULL)
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 24,
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
#endif
|
||||
@ -374,9 +375,10 @@ unwrap_des3
|
||||
output_message_buffer->value = malloc(output_message_buffer->length);
|
||||
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 36,
|
||||
output_message_buffer->length);
|
||||
if (output_message_buffer->value != NULL)
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 36,
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user