[30707] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.17]: Fix handling of invalid CAMMAC service
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jan 27 10:33:00 2020
Date: Mon, 27 Jan 2020 10:32:37 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202001271532.00RFWbpF008561@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/ad105209b4701d51437d1ffcc75ee3aa1e45f5ad
commit ad105209b4701d51437d1ffcc75ee3aa1e45f5ad
Author: Jeffrey Arbuckle <jeffa.lans@gmail.com>
Date: Sat Dec 21 22:59:20 2019 -0500
Fix handling of invalid CAMMAC service verifier
In extract_cammacs(), avoid a null dereference if the CAMMAC service
verifier is invalid or the CAMMAC is empty.
(cherry picked from commit 8451ff6ed57361de585a35f35a39c54dc48172c7)
ticket: 8856
version_fixed: 1.17.2
src/lib/krb5/krb/authdata.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index 7fbcfab..12ac92d 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -557,6 +557,8 @@ extract_cammacs(krb5_context kcontext, krb5_authdata **cammacs,
if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
goto cleanup;
ret = 0;
+ if (elements == NULL)
+ continue;
/* Add the verified elements to list and free the container array. */
for (n_elements = 0; elements[n_elements] != NULL; n_elements++);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
