diff options
author | Greg Hudson <ghudson@mit.edu> | 2017-07-18 12:29:12 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-07-24 10:53:19 -0400 |
commit | 29c504504f0c56c861d968ba2498590bf34714cd (patch) | |
tree | 9d54ec4c6b133a18a31f7dc562e53de2fbc9024c | |
parent | d265f16b71058b0cb0546a3993c941975a48b70f (diff) | |
download | krb5-29c504504f0c56c861d968ba2498590bf34714cd.zip krb5-29c504504f0c56c861d968ba2498590bf34714cd.tar.gz krb5-29c504504f0c56c861d968ba2498590bf34714cd.tar.bz2 |
Prevent null dereference with keyboard master key
If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element. Reported by Joshua Schaeffer.
ticket: 8600 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
-rw-r--r-- | src/lib/kdb/kdb5.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index ad637b6..da53322 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -1215,11 +1215,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname, krb5_db_entry *master_entry; rc = krb5_db_get_principal(context, mname, 0, &master_entry); - if (rc == 0) { + if (rc == 0 && master_entry->n_key_data > 0) *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno; - krb5_db_free_principal(context, master_entry); - } else + else *kvno = 1; + if (rc == 0) + krb5_db_free_principal(context, master_entry); } if (!salt) |