[28418] in CVS-changelog-for-Kerberos-V5


krb5 commit [krb5-1.12]: Fix invalid JSON handling in KDC OTP module

daemon@ATHENA.MIT.EDU (Tom Yu)
Fri Jun 27 12:34:59 2014

Date: Fri, 27 Jun 2014 12:34:49 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201406271634.s5RGYngg005315@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/e52d893ec6701006bbf390856bf94bfe8da7c483
commit e52d893ec6701006bbf390856bf94bfe8da7c483
Author: Greg Hudson <ghudson@mit.edu>
Date:   Sun May 18 17:57:25 2014 -0400

    Fix invalid JSON handling in KDC OTP module
    
    If the OTP configuration for a principal contains invalid JSON, the
    KDC OTP module calls k5_json_get_tid on a null pointer, causing the
    KDC process to crash.  Fix this bug by checking the return value of
    k5_json_decode in decode_config_json.
    
    (cherry picked from commit dab1c234e15afdc64dfe776bdbc65bbc17d07e12)
    
    ticket: 7912
    version_fixed: 1.12.2
    status: resolved

 src/plugins/preauth/otp/otp_state.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
index a4d7e3b..5c7476c 100644
--- a/src/plugins/preauth/otp/otp_state.c
+++ b/src/plugins/preauth/otp/otp_state.c
@@ -401,6 +401,8 @@ decode_config_json(const char *config, k5_json_array *out)
 
     /* Decode the config string and make sure it's an array. */
     retval = k5_json_decode((config != NULL) ? config : "[{}]", &val);
+    if (retval != 0)
+        goto error;
     if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY) {
         retval = EINVAL;
         goto error;
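Review bot: the added `goto error` jumps to the cleanup label before `val` has been assigned by a successful decode, so the fix is only safe if `val` is initialized to NULL at its declaration and the `error:` path tolerates a NULL value (for example by passing it to a release function that is a no-op on NULL); neither the declaration nor the label body is visible in this hunk, so both should be confirmed. A regression test that loads a principal whose OTP config string is malformed JSON and checks that the KDC returns an error rather than crashing would also be worth adding alongside the two-line fix.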
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
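The following is an added C example, not code from krb5 or from the commit above. It models the bug and the fix in a self-contained form: the `toy_json_*` functions are stand-ins for `k5_json_decode`, `k5_json_get_tid` and the release routine (the real API is richer), and the assumption that a failed decode leaves the output pointer untouched, so that the caller's NULL-initialized `val` is what the unchecked code then dereferences, is an assumption of this example. The configs passed in `main` are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for krb5's tagged JSON values (assumption: only the type tag
 * needed for this example is modelled). */
typedef enum { TID_NULL = 0, TID_ARRAY, TID_OBJECT } tid_t;

typedef struct { tid_t tid; } *json_value;

/* Toy decoder: accepts only strings whose outer delimiters are a balanced
 * "[...]" or "{...}".  Anything else is treated as invalid JSON.  On
 * failure it returns EINVAL and does not touch *out, so the caller must
 * check the return value before using the value. */
static int
toy_json_decode(const char *str, json_value *out)
{
    size_t len = strlen(str);
    tid_t tid;

    if (len < 2)
        return EINVAL;
    if (str[0] == '[' && str[len - 1] == ']')
        tid = TID_ARRAY;
    else if (str[0] == '{' && str[len - 1] == '}')
        tid = TID_OBJECT;
    else
        return EINVAL;

    *out = malloc(sizeof(**out));
    if (*out == NULL)
        return ENOMEM;
    (*out)->tid = tid;
    return 0;
}

/* Like the real accessor, this dereferences its argument unconditionally. */
static tid_t
toy_json_get_tid(json_value val)
{
    return val->tid;
}

/* Release tolerates NULL, which is what the error path below relies on. */
static void
toy_json_release(json_value val)
{
    free(val);
}

/* Before the fix: the decode result is ignored.  With an invalid config
 * string, val stays NULL and toy_json_get_tid dereferences it. */
static int
decode_config_unchecked(const char *config, json_value *out)
{
    json_value val = NULL;
    int retval;

    retval = toy_json_decode((config != NULL) ? config : "[{}]", &val);
    if (toy_json_get_tid(val) != TID_ARRAY) {   /* NULL deref on bad JSON */
        retval = EINVAL;
        goto error;
    }
    *out = val;
    return 0;
error:
    toy_json_release(val);
    return retval;
}

/* After the fix: bail out on decode failure before touching val. */
static int
decode_config_checked(const char *config, json_value *out)
{
    json_value val = NULL;
    int retval;

    retval = toy_json_decode((config != NULL) ? config : "[{}]", &val);
    if (retval != 0)
        goto error;
    if (toy_json_get_tid(val) != TID_ARRAY) {
        retval = EINVAL;
        goto error;
    }
    *out = val;
    return 0;
error:
    toy_json_release(val);      /* val is still NULL if decode failed */
    return retval;
}

int
main(void)
{
    /* Constructed OTP config strings: a valid array, a missing config,
     * an object instead of an array, and garbage. */
    const char *configs[] = { "[{\"type\":\"hotp\"}]", NULL, "{}", "not json" };
    size_t i;

    for (i = 0; i < sizeof(configs) / sizeof(configs[0]); i++) {
        json_value v = NULL;
        int ret = decode_config_checked(configs[i], &v);

        printf("%-22s -> %s\n", configs[i] ? configs[i] : "(null)",
               ret == 0 ? "accepted" : strerror(ret));
        toy_json_release(v);
    }
    return 0;
}
```

Only the checked variant is exercised on invalid input; the unchecked variant is left callable on valid input to show that the two behave identically there, which is exactly why the missing check went unnoticed until a malformed config reached the KDC.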
