oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: _kdc_find_etype prevent NULL dereference

Browse Source 
If use_strongest_session_key and no keys are found the return
code will be set to KRB5KDC_ERR_ETYPE_NOSUPP.  However, before
exiting if the principal is a weak exception then the return
code will be set to success and a NULL key pointer will be
dereferenced.   Skip the weak exception check if the return
code is non-zero.

Change-Id: I36d0e1b179b3392171ad6767c75111d59c3f2f7d
This commit is contained in:
Jeffrey Altman
2022-01-17 21:51:57 -05:00
parent 0e3acff241
commit 4b6fb5ab1a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/kerberos5.c
View File

@@ -333,7 +333,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
}
}
if (enctype == ETYPE_NULL) {
if (ret == 0 && enctype == ETYPE_NULL) {
/*
* if the service principal is one for which there is a known 1DES
* exception and no other enctype matches both the client request and