[29043] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Check for null name_type in gss_display_name_ext

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 31 12:41:22 2015

Date: Mon, 31 Aug 2015 12:41:18 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201508311641.t7VGfIX3017683@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/3fdf09ac9a36581b47f40c9d177e463cc12687ff
commit 3fdf09ac9a36581b47f40c9d177e463cc12687ff
Author: Solly Ross <sross@redhat.com>
Date:   Thu Aug 27 15:55:35 2015 -0400

    Check for null name_type in gss_display_name_ext
    
    It is possible for the input name's name_type to be GSS_C_NO_OID.
    g_OID_equal() does not account for GSS_C_NO_OID, so we have to
    manually check before use to prevent null pointer dereferences.
    
    ticket: 8238 (new)
    target_version: 1.13.3
    tags: pullup

 src/lib/gssapi/mechglue/g_dsp_name_ext.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_dsp_name_ext.c b/src/lib/gssapi/mechglue/g_dsp_name_ext.c
index 14326a3..be08dd1 100644
--- a/src/lib/gssapi/mechglue/g_dsp_name_ext.c
+++ b/src/lib/gssapi/mechglue/g_dsp_name_ext.c
@@ -94,6 +94,7 @@ gss_display_name_ext (OM_uint32 *minor_status,
             status = GSS_S_BAD_NAME;
         else if (mech->gss_display_name_ext == NULL) {
             if (mech->gss_display_name != NULL &&
+                union_name->name_type != GSS_C_NO_OID &&
                 g_OID_equal(display_as_name_type, union_name->name_type)) {
                 status = (*mech->gss_display_name)(minor_status,
                                                    union_name->mech_name,
@@ -114,7 +115,8 @@ gss_display_name_ext (OM_uint32 *minor_status,
         return status;
     }
 
-    if (!g_OID_equal(display_as_name_type, union_name->name_type))
+    if (union_name->name_type == GSS_C_NO_OID ||
+        !g_OID_equal(display_as_name_type, union_name->name_type))
         return GSS_S_UNAVAILABLE;
 
     if ((output_name_buffer->value =
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post