Changeset 286 for trunk/lib/winsec.c


Timestamp:
08/23/15 00:09:08 (9 years ago)
Author:
tim
Message:

Fixed a NULL pointer dereference and one dangling pointer, triggered by corrupt security descriptors.
Thanks AFL!

File:
1 edited

  • trunk/lib/winsec.c

    r261 r286  
    413413  uint32_t i, size = WINSEC_MAX_SUBAUTHS*11 + 24;
    414414  uint32_t left = size;
    415   uint8_t comps = sid->num_auths;
    416   char* ret_val = malloc(size);
    417  
     415  uint8_t comps;
     416  char* ret_val;
     417
     418  if(sid == NULL)
     419    return NULL;
     420  comps = sid->num_auths;
     421
     422  ret_val = malloc(size);
    418423  if(ret_val == NULL)
    419424    return NULL;
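Review bot: comps is read from sid->num_auths at new line 420 with no check against WINSEC_MAX_SUBAUTHS, even though the buffer size on line 413 is derived from that constant and the commit message attributes the crash to corrupt security descriptors. If the code after this hunk iterates over comps, clamp or reject it right here, for example `if(comps > WINSEC_MAX_SUBAUTHS) comps = WINSEC_MAX_SUBAUTHS;`, or make sure every write is bounded by `left`; the lines shown do not confirm either. Separately, the function now returns NULL both for a NULL sid (line 419) and for a failed malloc (line 424), so the function's header comment should say so and callers need to handle a NULL result. The dangling pointer fix named in the message does not appear in this hunk.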