[29023] in CVS-changelog-for-Kerberos-V5

krb5 commit [krb5-1.13]: Fix uncommon null dereference in PKINIT

daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Aug 18 17:15:13 2015

Date: Tue, 18 Aug 2015 17:15:09 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201508182115.t7ILF9Jq019360@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu

https://github.com/krb5/krb5/commit/fd58e67b5778642dc882c3f5a256f0cbff669a0e
commit fd58e67b5778642dc882c3f5a256f0cbff669a0e
Author: Greg Hudson <ghudson@mit.edu>
Date:   Fri Jul 3 19:34:46 2015 -0400

    Fix uncommon null dereference in PKINIT client
    
    crypto_retrieve_cert_sans() is allowed to set its princs output to
    NULL, although the OpenSSL implementation rarely does.  Fix the
    TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC for loop to allow this like other
    parts of the function do, and also get rid of the unnecessary princptr
    variable by using an integer index like other parts of the function.
    
    Based on a patch from Daniel Deptula.
    
    (cherry picked from commit 47b37b9e13ca1456ba6710f31bc41012d050dd07)
    
    ticket: 8214
    version_fixed: 1.13.3
    status: resolved

 src/plugins/preauth/pkinit/pkinit_clnt.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 5ad735a..3139d4b 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -464,7 +464,7 @@ verify_kdc_san(krb5_context context,
 {
     krb5_error_code retval;
     char **certhosts = NULL, **cfghosts = NULL, **hostptr;
-    krb5_principal *princs = NULL, *princptr;
+    krb5_principal *princs = NULL;
     unsigned char ***get_dns;
     int i, j;
 
@@ -496,8 +496,8 @@ verify_kdc_san(krb5_context context,
         retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
         goto out;
     }
-    for (princptr = princs; *princptr != NULL; princptr++)
-        TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, *princptr);
+    for (i = 0; princs != NULL && princs[i] != NULL; i++)
+        TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, princs[i]);
     if (certhosts != NULL) {
         for (hostptr = certhosts; *hostptr != NULL; hostptr++)
             TRACE_PKINIT_CLIENT_SAN_KDCCERT_DNSNAME(context, *hostptr);
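Review bot: The new princs loop folds the NULL test into the loop condition (`princs != NULL && princs[i] != NULL`), while the certhosts loop directly below it guards with a separate `if (certhosts != NULL)` and still walks a pointer (`hostptr`), so two adjacent trace loops now handle the same "NULL or NULL-terminated array" contract in two different styles. The fix itself is sound, because the `&&` short-circuits before `princs[i]` is read, but I would suggest either wrapping this loop in `if (princs != NULL)` to mirror the certhosts block, or converting the certhosts loop to the index form as well, which would let `hostptr` be dropped the same way `princptr` was if nothing else in the function uses it. A one-line comment near the `princs` declaration noting that crypto_retrieve_cert_sans() may leave it NULL would also keep a later cleanup from reintroducing the unconditional dereference.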