oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Security: Avoid NULL structure pointer member dereference

Browse Source 
This can happen in the error path when processing malformed AS
requests with a NULL client name.  Bug originally introduced on
Fri Feb 13 09:26:01 2015 +0100 in commit:

    a873e21d7c

    kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()

Original patch by Jeffrey Altman <jaltman@secure-endpoints.com>
This commit is contained in:
Viktor Dukhovni
2017-12-05 18:49:50 -05:00
parent abee4b3f68
commit 1a6a6e462d
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kdc/kerberos5.c
View File

@@ -2232,15 +2232,17 @@ out:
/* /*
* In case of a non proxy error, build an error message. * In case of a non proxy error, build an error message.
*/ */
if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) { if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
ret = _kdc_fast_mk_error(context, r, ret = _kdc_fast_mk_error(context, r,
&error_method, &error_method,
r->armor_crypto, r->armor_crypto,
&req->req_body, &req->req_body,
ret, r->e_text, ret, r->e_text,
r->server_princ, r->server_princ,
&r->client_princ->name, r->client_princ ?
&r->client_princ->realm, &r->client_princ->name : NULL,
r->client_princ ?
&r->client_princ->realm : NULL,
NULL, NULL, NULL, NULL,
reply); reply);
if (ret) if (ret)