MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals

On certain error conditions, prep_reprocess_req() calls kdc_err() with a null pointer as the format string, causing a null dereference and denial of service. Legitimate protocol requests can trigger this problem. ticket: 6608 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23533 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2009-12-29 02:42:51 +0000
committer: Tom Yu <tlyu@mit.edu> 2009-12-29 02:42:51 +0000
commit: 289555f989b42f2b8d13efe4904dc3515433d5e5 (patch)
tree: 10058cd9b1cbc5ad04a7198b5b9a050e2c4c1017 /src/lib/kadm5
parent: 2656433242405bba721ff2dd46047a38669a3fd3 (diff)
download: krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.zip
krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.gz
krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index a3f4339..384e7a8 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -189,6 +189,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
     char        *cp;
     char        *syslogp;
 
+    if (whoami == NULL || format == NULL)
+        return;
+
     /* Make the header */
     snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
     /*
author	Tom Yu <tlyu@mit.edu>	2009-12-29 02:42:51 +0000
committer	Tom Yu <tlyu@mit.edu>	2009-12-29 02:42:51 +0000
commit	289555f989b42f2b8d13efe4904dc3515433d5e5 (patch)
tree	10058cd9b1cbc5ad04a7198b5b9a050e2c4c1017 /src/lib/kadm5
parent	2656433242405bba721ff2dd46047a38669a3fd3 (diff)
download	krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.zip krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.gz krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.bz2