[30010] in CVS-changelog-for-Kerberos-V5
krb5 commit: Prevent null dereference with keyboard master key
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 24 11:14:08 2017
Date: Mon, 24 Jul 2017 11:14:02 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201707241514.v6OFE2gp021211@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/29c504504f0c56c861d968ba2498590bf34714cd
commit 29c504504f0c56c861d968ba2498590bf34714cd
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Jul 18 12:29:12 2017 -0400
Prevent null dereference with keyboard master key
If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element. Reported by Joshua Schaeffer.
ticket: 8600 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
src/lib/kdb/kdb5.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index ad637b6..da53322 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1215,11 +1215,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
krb5_db_entry *master_entry;
rc = krb5_db_get_principal(context, mname, 0, &master_entry);
- if (rc == 0) {
+ if (rc == 0 && master_entry->n_key_data > 0)
*kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
- krb5_db_free_principal(context, master_entry);
- } else
+ else
*kvno = 1;
+ if (rc == 0)
+ krb5_db_free_principal(context, master_entry);
}
if (!salt)
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
