[30990] in CVS-changelog-for-Kerberos-V5

krb5 commit: Fix multiple UPN handling in PKINIT client certs

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Apr 7 16:58:52 2021

Date: Wed, 7 Apr 2021 16:53:03 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202104072053.137Kr3Og008840@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/4e325cadee4f5511e494f0b4fd9faeb24e7b7c08
commit 4e325cadee4f5511e494f0b4fd9faeb24e7b7c08
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date:   Wed Mar 17 17:44:46 2021 -0400

    Fix multiple UPN handling in PKINIT client certs
    
    Commit 0f26c1c7504777d6e7bfa1d3dee575c504ab6c05 neglected to increment
    the array index when storing UPN strings.  Also remove the unused
    num_found variable.
    
    [ghudson@mit.edu: pulled from a larger commit; added removal of
    num_found; wrote commit message]
    
    ticket: 9000 (new)

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index fbbdab5..2639104 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1964,7 +1964,7 @@ crypto_retrieve_X509_sans(krb5_context context,
     krb5_principal *princs = NULL;
     char **upns = NULL;
     unsigned char **dnss = NULL;
-    unsigned int i, num_found = 0, num_sans = 0;
+    unsigned int i, num_sans = 0;
     X509_EXTENSION *ext = NULL;
     GENERAL_NAMES *ialt = NULL;
     GENERAL_NAME *gen = NULL;
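Review bot: removing num_found from the declaration line in crypto_retrieve_X509_sans is cleanup that is independent of the index fix, so anyone backporting this should know that only the added u++ line changes behaviour. The commit message does call the removal out, which is enough for the main branch. Building with -Wunused-but-set-variable would flag counters like this one that are incremented but never read.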
@@ -2047,7 +2047,6 @@ crypto_retrieve_X509_sans(krb5_context context,
                              __FUNCTION__);
                 } else {
                     p++;
-                    num_found++;
                 }
             } else if (upns != NULL &&
                        OBJ_cmp(plgctx->id_ms_san_upn,
@@ -2058,6 +2057,7 @@ crypto_retrieve_X509_sans(krb5_context context,
                 upns[u] = k5memdup0(name.data, name.length, &ret);
                 if (upns[u] == NULL)
                     goto cleanup;
+                u++;
             } else {
                 pkiDebug("%s: unrecognized othername oid in SAN\n",
                          __FUNCTION__);
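Review bot: with the added u++ the store at "upns[u] = k5memdup0(name.data, name.length, &ret);" now advances once per UPN othername, so it depends on upns having a slot for every UPN in the certificate plus a terminator; the allocation is outside this hunk, so please confirm it is sized from the SAN count. Putting the increment after the "goto cleanup" check is correct, since a failed copy leaves the index pointing at the NULL slot. Without the increment every UPN was written to the same slot, so the earlier copies were overwritten and only the last one was kept; a test certificate carrying two UPN SANs would stop this from regressing.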
@@ -2079,7 +2079,6 @@ crypto_retrieve_X509_sans(krb5_context context,
                              __FUNCTION__);
                 } else {
                     d++;
-                    num_found++;
                 }
             }
             break;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5