http://web.mit.edu/kerberos/advisories/2011-004-patch-r18.txt diff -Naurp krb5-1.8.1/src/kadmin/server/network.c krb5-1.8.1.oden/src/kadmin/server/network.c --- krb5-1.8.1/src/kadmin/server/network.c 2009-12-03 02:35:21.000000000 +0000 +++ krb5-1.8.1.oden/src/kadmin/server/network.c 2011-04-22 05:03:23.000000000 +0000 @@ -1384,6 +1384,10 @@ cleanup: if (local_kaddrs != NULL) krb5_free_addresses(server_handle->context, local_kaddrs); + if ((*response)->data == NULL) { + free(*response); + *response = NULL; + } krb5_kt_close(server_handle->context, kt); return ret; diff -Naurp krb5-1.8.1/src/kadmin/server/schpw.c krb5-1.8.1.oden/src/kadmin/server/schpw.c --- krb5-1.8.1/src/kadmin/server/schpw.c 2009-10-31 00:48:38.000000000 +0000 +++ krb5-1.8.1.oden/src/kadmin/server/schpw.c 2011-04-22 05:03:23.000000000 +0000 @@ -74,8 +74,13 @@ process_chpw_request(context, server_han plen = (*ptr++ & 0xff); plen = (plen<<8) | (*ptr++ & 0xff); - if (plen != req->length) - return(KRB5KRB_AP_ERR_MODIFIED); + if (plen != req->length) { + ret = KRB5KRB_AP_ERR_MODIFIED; + numresult = KRB5_KPASSWD_MALFORMED; + strlcpy(strresult, "Request length was inconsistent", + sizeof(strresult)); + goto chpwfail; + } /* verify version number */