[30041] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.14]: Prevent null dereference with keyboard
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Sep 22 12:48:49 2017
Date: Fri, 22 Sep 2017 12:48:45 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201709221648.v8MGmjfU000872@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/763a884a0186a95134acc1afe26b8647a2ee1ee3
commit 763a884a0186a95134acc1afe26b8647a2ee1ee3
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Jul 18 12:29:12 2017 -0400
Prevent null dereference with keyboard master key
If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element. Reported by Joshua Schaeffer.
(cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd)
ticket: 8600
version_fixed: 1.14.6
src/lib/kdb/kdb5.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index b85af5a..3d5d919 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1092,11 +1092,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
krb5_db_entry *master_entry;
rc = krb5_db_get_principal(context, mname, 0, &master_entry);
- if (rc == 0) {
+ if (rc == 0 && master_entry->n_key_data > 0)
*kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
- krb5_db_free_principal(context, master_entry);
- } else
+ else
*kvno = 1;
+ if (rc == 0)
+ krb5_db_free_principal(context, master_entry);
}
if (!salt)
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
