krb5: fix a potential access of uninitialized memory

author Daniel Stenberg <daniel@haxx.se>

Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)
author Daniel Stenberg <daniel@haxx.se>
Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)
diff --git a/lib/krb5.c b/lib/krb5.c

index 69a35979a89fd6d1470d894fff7a5e05706c4fcb..35a4ca0c2b9a523cd44a58b24775b50d79bc39e0 100644 (file)
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -2,7 +2,7 @@
   *
   * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
   * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2016 Daniel Stenberg
+ * Copyright (c) 2004 - 2017 Daniel Stenberg
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
@@ -282,6 +282,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
            break;
          }
  
+        _gssresp.value = NULL; /* make sure it is initialized */
          p = data->state.buffer + 4;
          p = strstr(p, "ADAT=");
          if(p) {
author	Daniel Stenberg <daniel@haxx.se>
	Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)