[17120] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

[krbdev.mit.edu #9224] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jul 15 16:30:36 2026

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-1073592-1784147426-1024.9224-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9224":;
Date: Wed, 15 Jul 2026 16:30:26 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Wed Jul 15 16:30:26 2026: Request 9224 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9224 >



Prevent integer overrun in keytab parsing

In krb5_ktfileint_internal_read_entry(), once we have read the size
and determined the starting point of a keytab record, bounds-check the
size to prevent an integer overflow when we seek to the next record.

(Discovered by OSS-Fuzz.)

https://github.com/krb5/krb5/commit/c5629fdffee70a296429d580a890e21c6fa17665
Author: Greg Hudson <ghudson@mit.edu>
Commit: c5629fdffee70a296429d580a890e21c6fa17665
Branch: master
 src/lib/krb5/keytab/kt_file.c                      |   2 ++
 src/tests/fuzzing/fuzz_keytab_seed_corpus/big_size | Bin 0 -> 28 bytes
 2 files changed, 2 insertions(+)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

home help back first fref pref prev next nref lref last post