[17120] in Kerberos-V5-bugs
[krbdev.mit.edu #9224] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Jul 15 16:30:36 2026
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-1073592-1784147426-1024.9224-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9224":;
Date: Wed, 15 Jul 2026 16:30:26 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Wed Jul 15 16:30:26 2026: Request 9224 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9224 >
Prevent integer overrun in keytab parsing
In krb5_ktfileint_internal_read_entry(), once we have read the size
and determined the starting point of a keytab record, bounds-check the
size to prevent an integer overflow when we seek to the next record.
(Discovered by OSS-Fuzz.)
https://github.com/krb5/krb5/commit/c5629fdffee70a296429d580a890e21c6fa17665
Author: Greg Hudson <ghudson@mit.edu>
Commit: c5629fdffee70a296429d580a890e21c6fa17665
Branch: master
src/lib/krb5/keytab/kt_file.c | 2 ++
src/tests/fuzzing/fuzz_keytab_seed_corpus/big_size | Bin 0 -> 28 bytes
2 files changed, 2 insertions(+)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs