[29460] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.13]: Fix krb5_def_fetch_mkey_list() segfault
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Jul 6 14:46:09 2016
Date: Wed, 6 Jul 2016 14:46:04 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201607061846.u66Ik4gp011237@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/d70597bc1cdd8bd22299b61ac17b9d684c626b8f
commit d70597bc1cdd8bd22299b61ac17b9d684c626b8f
Author: Matt Rogers <mrogers@redhat.com>
Date: Fri Apr 15 17:27:36 2016 -0400
Fix krb5_def_fetch_mkey_list() segfault
Return KRB5_KDB_NOMASTERKEY if K/M contains no key data, instead of
blindly dereferencing the first key data element.
(cherry picked from commit 83494605b2dd594ab33f9b3cfa5abc82cf0f9e92)
ticket: 8395
version_fixed: 1.13.6
src/lib/kdb/kdb_default.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 31b3e69..9301f1d 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -449,6 +449,11 @@ krb5_def_fetch_mkey_list(krb5_context context,
if (retval)
return (retval);
+ if (master_entry->n_key_data == 0) {
+ retval = KRB5_KDB_NOMASTERKEY;
+ goto clean_n_exit;
+ }
+
/*
* Check if the input mkey is the latest key and if it isn't then find the
* latest mkey.
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5