[16127] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #8726] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Sep 26 15:21:11 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8726@krbdev.mit.edu>
Message-ID: <rt-8726-48848.18.4885096650785@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8726'":;
Date: Wed, 26 Sep 2018 15:20:52 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Fix null deref on some invalid PKINIT identities

pkinit_identity.c:parse_fs_options() could crash if the first
strtok_r() call returns NULL, which happens when the residual string
begins with ','.  Fix this bug by checking for a leading comma and
checking the strtok_r() result, and add a test case.  Reported by Bean
Zhang.

Also return EINVAL rather than 0 on invalid input, and don't leave an
allocated value in idopts->cert_filename if we fail to copy the key
filename.

https://github.com/krb5/krb5/commit/23cd8e41d335027ff2e2a586345a570f97a926d4
Author: Greg Hudson <ghudson@mit.edu>
Commit: 23cd8e41d335027ff2e2a586345a570f97a926d4
Branch: master
 src/plugins/preauth/pkinit/pkinit_identity.c |   21 +++++++++++++++------
 src/tests/t_pkinit.py                        |    5 +++++
 2 files changed, 20 insertions(+), 6 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post