[16983] in Kerberos-V5-bugs
[krbdev.mit.edu #9150] Tainted array index at
daemon@ATHENA.MIT.EDU (Val VF via RT)
Mon Nov 4 18:06:39 2024
From: "Val VF via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To: <CAF0FeX1ALfMAosTLA8a-rDc9gijzQawAF5AaOMADcDWPE4D2WQ@mail.gmail.com>
Message-ID: <rt-4.4.3-2-2511321-1730761591-113.9150-4-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9150":;
Date: Mon, 04 Nov 2024 18:06:31 -0500
MIME-Version: 1.0
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Mon Nov 04 18:06:31 2024: Request 9150 was acted upon.
Transaction: Ticket created by federicovalenso@gmail.com
Queue: krb5
Subject: Tainted array index at plugins/kdb/db2/libdb2/hash/hash.c:__kdb2_hash_open
Owner: Nobody
Requestors: federicovalenso@gmail.com
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9150 >
Good day!
Variable hashp->hdr.ovfl_point was read from file, we should make sure
this value is within bounds, because it's used as an array index
<https://github.com/krb5/krb5/blob/ff4d99b1e4f7b652fc98330c21d1c92e01f14736/src/plugins/kdb/db2/libdb2/hash/hash.c#L169C31-L169C52>.
With respect,
Valery Fedorenko
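
The kind of check the report asks for, as an added example that is not part of the original message or of the krb5 source: a file-supplied index is validated on both sides before it is used. The struct layout, `NSPARES`, the function names and the host-byte-order header image are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NSPARES 32  /* assumed array size for this illustration */

/* Simplified stand-in for a hash-file header; not the real libdb2 layout. */
struct file_hdr {
    int32_t ovfl_point;        /* index into spares[], taken from the file */
    int32_t spares[NSPARES];
};

/* Copy a header out of an untrusted buffer. Returns 0, or -1 if too short. */
int load_hdr(const unsigned char *buf, size_t len, struct file_hdr *out)
{
    if (buf == NULL || out == NULL || len < sizeof(*out))
        return -1;
    memcpy(out, buf, sizeof(*out));
    return 0;
}

/* Accept only indexes in [0, NSPARES). The field is signed, so a negative
 * value from a corrupt file must be rejected as well as a large one. */
int hdr_index_ok(const struct file_hdr *h)
{
    return h->ovfl_point >= 0 && h->ovfl_point < NSPARES;
}

/* Read spares[ovfl_point] only after validation; -1 means corrupt header. */
int spare_at_ovfl_point(const struct file_hdr *h, int32_t *value)
{
    if (!hdr_index_ok(h))
        return -1;
    *value = h->spares[h->ovfl_point];
    return 0;
}

/* Constructed sample: build a header image with a chosen ovfl_point. */
int check_sample(int32_t ovfl_point, int32_t *value)
{
    struct file_hdr h, parsed;
    unsigned char image[sizeof(struct file_hdr)];
    memset(&h, 0, sizeof(h));
    h.ovfl_point = ovfl_point;
    for (int i = 0; i < NSPARES; i++) h.spares[i] = 100 + i;
    memcpy(image, &h, sizeof(h));
    if (load_hdr(image, sizeof(image), &parsed) != 0) return -1;
    return spare_at_ovfl_point(&parsed, value);
}
```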