[31481] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix OTP preauth crash with null prompter
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Thu Oct 23 17:02:55 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20251023210250.59BD51041A5@krbdev.mit.edu>
Date: Thu, 23 Oct 2025 17:02:50 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/ca97bf697ab1561af1fbd12f5fd13466ec35a962
commit ca97bf697ab1561af1fbd12f5fd13466ec35a962
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date: Sun Oct 19 18:14:29 2025 +0300

Fix OTP preauth crash with null prompter

In doprompt(), check if the caller provided a prompter before
dereferencing it. Similar code returns either EIO or
KRB5_LIBOS_CANTREADPWD; use EIO for this case as OTP preauth prompts
for a PIN and not a Kerberos password.

[ghudson@mit.edu: edited commit message]

ticket: 9186 (new)

src/lib/krb5/krb/preauth_otp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c
index 07ffc15c2..48003da62 100644
--- a/src/lib/krb5/krb/preauth_otp.c
+++ b/src/lib/krb5/krb/preauth_otp.c
@@ -479,6 +479,9 @@ doprompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data,
krb5_error_code retval;
krb5_prompt_type prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+ if (prompter == NULL)
+ return EIO;
+
if (prompttxt == NULL || out == NULL)
return EINVAL;
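
Review bot: The new `if (prompter == NULL)` check at the top of doprompt() returns EIO with no comment, and the reason for choosing EIO over KRB5_LIBOS_CANTREADPWD (OTP preauth prompts for a PIN, not a Kerberos password) is recorded only in the commit message; a one-line comment above the check would keep that rationale next to the code. The check also runs before the existing `prompttxt == NULL || out == NULL` test, so a call with a null prompter and a null argument now returns EIO rather than EINVAL, which is worth confirming as the intended precedence. The diffstat lists only preauth_otp.c, so nothing exercises the null-prompter path; a regression test that runs OTP preauth without a prompter and expects EIO would guard against the dereference coming back.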