diff options
author | Tom Yu <tlyu@mit.edu> | 2010-05-19 18:52:54 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-05-19 18:52:54 +0000 |
commit | f13587dd881b1df5cd613a0957116023c159f77e (patch) | |
tree | 9d39f3c66ac5eff312e6824914c1b772b83980ec | |
parent | 99f4ad4dc904866ffde023cc0169ffddb07bd823 (diff) | |
download | krb5-f13587dd881b1df5cd613a0957116023c159f77e.zip krb5-f13587dd881b1df5cd613a0957116023c159f77e.tar.gz krb5-f13587dd881b1df5cd613a0957116023c159f77e.tar.bz2 |
pull up r24056 from trunk
------------------------------------------------------------------------
r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines
ticket: 6725
subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
tags: pullup
target_version: 1.8.2
Make krb5_gss_accept_sec_context() check for a null authenticator
checksum pointer before attempting to dereference it.
ticket: 6725
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24063 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index ce3075f..6241055 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle, } #endif + if (authdat->checksum == NULL) { + /* missing checksum counts as "inappropriate type" */ + code = KRB5KRB_AP_ERR_INAPP_CKSUM; + major_status = GSS_S_FAILURE; + goto fail; + } + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { /* Samba does not send 0x8003 GSS-API checksums */ krb5_boolean valid; |