oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

spnego: Fix NULL deref

Browse Source 
Reported to Heimdal by Michał Kępień <michal@isc.org>.

From the report:

Acknowledgement
---------------

This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day
Initiative.
This commit is contained in:
Nicolas Williams
2021-11-11 22:38:46 -06:00
parent 6cbe35ad5d
commit 7a19658c1f
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -754,7 +754,7 @@ acceptor_start
* If opportunistic token failed, lets try the other mechs. * If opportunistic token failed, lets try the other mechs.
*/ */
if (!first_ok && ni->mechToken != NULL) { if (!first_ok) {
size_t j; size_t j;
/* Call glue layer to find first mech we support */ /* Call glue layer to find first mech we support */
@@ -771,11 +771,11 @@ acceptor_start
break; break;
} }
} }
if (ctx->selected_mech_type == GSS_C_NO_OID) { }
heim_assert(ret != GSS_S_COMPLETE, "no oid and no error code?"); if (ctx->selected_mech_type == GSS_C_NO_OID) {
*minor_status = junk; heim_assert(ret != GSS_S_COMPLETE, "no oid and no error code?");
goto out; *minor_status = junk;
} goto out;
} }
/* /*