[30587] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix KDC crash when logging PKINIT enctypes
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Sep 27 13:11:16 2019
Date: Fri, 27 Sep 2019 13:10:38 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201909271710.x8RHAcYF022358@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/c3e62609849ab62caf52fa9b90d9ab60d365a64d
commit c3e62609849ab62caf52fa9b90d9ab60d365a64d
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Sep 25 12:57:56 2019 -0400
Fix KDC crash when logging PKINIT enctypes
Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash
bug due to transposed strlcpy() arguments. Fix the argument order.
This bug does not affect any MIT krb5 release, but affects the Fedora
krb5 packages due to backports. CVE-2019-14844 has been issued as a
result.
ticket: 8772
src/kdc/kdc_util.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 936ec23..8c0fa8c 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1107,7 +1107,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
else
return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
- if (strlcpy(name, buf, buflen) >= buflen)
+ if (strlcpy(buf, name, buflen) >= buflen)
return ENOMEM;
return 0;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
