[16127] in Kerberos-V5-bugs
[krbdev.mit.edu #8726] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Sep 26 15:21:11 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8726@krbdev.mit.edu>
Message-ID: <rt-8726-48848.18.4885096650785@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8726'":;
Date: Wed, 26 Sep 2018 15:20:52 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Fix null deref on some invalid PKINIT identities
pkinit_identity.c:parse_fs_options() could crash if the first
strtok_r() call returns NULL, which happens when the residual string
begins with ','. Fix this bug by checking for a leading comma and
checking the strtok_r() result, and add a test case. Reported by Bean
Zhang.
Also return EINVAL rather than 0 on invalid input, and don't leave an
allocated value in idopts->cert_filename if we fail to copy the key
filename.
https://github.com/krb5/krb5/commit/23cd8e41d335027ff2e2a586345a570f97a926d4
Author: Greg Hudson <ghudson@mit.edu>
Commit: 23cd8e41d335027ff2e2a586345a570f97a926d4
Branch: master
src/plugins/preauth/pkinit/pkinit_identity.c | 21 +++++++++++++++------
src/tests/t_pkinit.py | 5 +++++
2 files changed, 20 insertions(+), 6 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs