[17112] in Kerberos-V5-bugs


[krbdev.mit.edu #9218] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jun 10 16:12:52 2026

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-1105289-1781122367-1102.9218-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9218":;
Date: Wed, 10 Jun 2026 16:12:47 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Wed Jun 10 16:12:47 2026: Request 9218 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9218 >



Better validate key_data_ver in iprop decoding

In ulog_conv_2dbentry(), when decoding an update's AT_KEYDATA
attribute, the decoded key_data_ver value is used as a bound on the
enctype and contents fields.  Verify that this value does not exceed
the sizes of the update's enctype and contents XDR arrays, to prevent
reading past the end of those arrays.  Also check against the expected
lower bound.  Reported by Haruki Oyama.

https://github.com/krb5/krb5/commit/7262b0f49e3c37b7237280a1b2e38228831a795d
Author: Greg Hudson <ghudson@mit.edu>
Commit: 7262b0f49e3c37b7237280a1b2e38228831a795d
Branch: master
 src/lib/kdb/kdb_convert.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
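
The check described in the commit message above, sketched as an added example; this is not the krb5 source or the code from the commit. All struct and function names are hypothetical, and the bounds of 1 and 2 are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MIN_VER 1   /* assumption: lower bound chosen for this sketch */
#define MAX_VER 2   /* assumption: destination holds two components */

/* Hypothetical XDR-style counted arrays: each carries its own length. */
struct blob { uint32_t len; const uint8_t *val; };
struct wire_key {
    int32_t ver;    /* sender-controlled component count */
    struct { uint32_t len; const int32_t *val; } enctype;
    struct { uint32_t len; const struct blob *val; } contents;
};
struct db_key {
    int16_t ver;
    int16_t type[MAX_VER];
    uint32_t length[MAX_VER];
    const uint8_t *data[MAX_VER];
};

/* Returns 0 on success, -1 if ver is inconsistent with the decoded arrays. */
int convert_key(const struct wire_key *in, struct db_key *out)
{
    int i;

    /* ver must fit the fixed-size destination arrays... */
    if (in->ver < MIN_VER || in->ver > MAX_VER)
        return -1;
    /* ...and must not exceed what each source array actually holds. */
    if ((uint32_t)in->ver > in->enctype.len ||
        (uint32_t)in->ver > in->contents.len)
        return -1;
    out->ver = (int16_t)in->ver;
    for (i = 0; i < in->ver; i++) {
        out->type[i] = (int16_t)in->enctype.val[i];
        out->length[i] = in->contents.val[i].len;
        out->data[i] = in->contents.val[i].val;
    }
    return 0;
}

/* Constructed sample: build an update with the given counts and convert it. */
int check_sample(int32_t ver, uint32_t n_enctype, uint32_t n_contents)
{
    static const int32_t types[MAX_VER] = { 18, 0 };
    static const uint8_t key[4] = { 1, 2, 3, 4 };
    const struct blob blobs[MAX_VER] = { { 4, key }, { 0, NULL } };
    struct wire_key in = { ver, { n_enctype, types }, { n_contents, blobs } };
    struct db_key out;
    return convert_key(&in, &out);
}
```

Checking ver only against the destination size would still accept the check_sample(2, 1, 2) case, where the loop would index one element past the single-entry enctype array.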
