[Bug] invalid mem access in lib/gssapi/client.c

Hi, all

I found an invalid mem access bug in lib/gssapi/client.c. Herer is the patch. Hope it helpful for the project.

diff --git a/lib/gssapi/client.c b/lib/gssapi/client.c

index f46d65ac..cd4ccc01 100644

--- a/lib/gssapi/client.c

+++ b/lib/gssapi/client.c

@@ -299,7 +299,7 @@ _gsasl_gssapi_client_encode (Gsasl_session * sctx,

if (GSS_ERROR (maj_stat))

return GSASL_GSSAPI_WRAP_ERROR;

*output_len = output_message_buffer.length;

- *output = malloc (input_len);

+ *output = malloc (output_message_buffer.length);

if (!*output)

{

maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);

@@ -352,7 +352,7 @@ _gsasl_gssapi_client_decode (Gsasl_session * sctx,

if (GSS_ERROR (maj_stat))

return GSASL_GSSAPI_UNWRAP_ERROR;

*output_len = output_message_buffer.length;

- *output = malloc (input_len);

+ *output = malloc (output_message_buffer.length);

if (!*output)

{

maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);

Best regards,

Deng, Wenqi

From:	tbc TobeContinued
Subject:	[Bug] invalid mem access in lib/gssapi/client.c
Date:	Mon, 10 Jan 2022 09:32:10 +0000