[30679] in CVS-changelog-for-Kerberos-V5

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

krb5 commit: Fix handling of invalid CAMMAC service verifier

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jan 7 16:56:32 2020

Date: Tue, 7 Jan 2020 16:55:53 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202001072155.007LtrIc031557@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/8451ff6ed57361de585a35f35a39c54dc48172c7
commit 8451ff6ed57361de585a35f35a39c54dc48172c7
Author: Jeffrey Arbuckle <jeffa.lans@gmail.com>
Date:   Sat Dec 21 22:59:20 2019 -0500

    Fix handling of invalid CAMMAC service verifier
    
    In extract_cammacs(), avoid a null dereference if the CAMMAC service
    verifier is invalid or the CAMMAC is empty.
    
    ticket: 8856
    tags: pullup
    target_version: 1.17-next

 src/lib/krb5/krb/authdata.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index 3685fcd..7f28883 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -557,6 +557,8 @@ extract_cammacs(krb5_context kcontext, krb5_authdata **cammacs,
         if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
             goto cleanup;
         ret = 0;
+        if (elements == NULL)
+            continue;
 
         /* Add the verified elements to list and free the container array. */
         for (n_elements = 0; elements[n_elements] != NULL; n_elements++);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

home	help	back	first	fref	pref	prev	next	nref	lref	last	post