aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2017-04-11 17:00:01 -0400
committerGreg Hudson <ghudson@mit.edu>2017-07-17 17:33:48 -0400
commit39a8a84b9bc880ef2879667f93c18b4d1b989eff (patch)
treecaab5956ab6b778eb90eb6350368e7fc7bfde9b5
parent4d2d6096c181eb2ec79597dc94d48b31af606615 (diff)
downloadkrb5-39a8a84b9bc880ef2879667f93c18b4d1b989eff.zip
krb5-39a8a84b9bc880ef2879667f93c18b4d1b989eff.tar.gz
krb5-39a8a84b9bc880ef2879667f93c18b4d1b989eff.tar.bz2
Check for FAST in encrypted challenge client
If we reach the encrypted challenge clpreauth process method without an armor key, error out instead of crashing. This can happen if (a) the KDC offers encrypted challenge even though the request doesn't use FAST (the Heimdal KDC apparently does this), and (b) we fall back to that preauth method before generating a preauthenticated request, typically because of a prompter failure in encrypted timestamp. Reported by Nico Williams. (cherry picked from commit ff6aac3e018e80fa32df2e14446c6ed9595dfc3c) ticket: 8573 version_fixed: 1.14.6
Diffstat
-rw-r--r--src/lib/krb5/krb/preauth_ec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c
index b197833..c1aa909 100644
--- a/src/lib/krb5/krb/preauth_ec.c
+++ b/src/lib/krb5/krb/preauth_ec.c
@@ -58,6 +58,8 @@ ec_process(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_keyblock *challenge_key = NULL, *armor_key, *as_key;
armor_key = cb->fast_armor(context, rock);
+ if (armor_key == NULL)
+ return ENOENT;
retval = cb->get_as_key(context, rock, &as_key);
if (retval == 0 && padata->length) {
krb5_enc_data *enc = NULL;
generated by cgit v1.1 at 2024-06-28 10:37:35 +0000