oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

lib/krb5: fix _krb5_get_int64 on 32-bit systems

Browse Source 
On systems where 'unsigned long' is 32-bits and the 'size'
parameter is set to 8 and the bytes are:

  0x78 0x00 0x00 0x00 0x00 0x00 0x00 0x00

When 'i' becomes 4 'v' will be 0 again. As 'unsigned long' is only
able to hold 4 bytes.

Change the type of 'v' from 'unsigned long' to 'uint64_t' which
matches the type of the output parameter 'value'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
CVE: CVE-2022-42898
Samba-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
This commit is contained in:
Stefan Metzmacher
2022-11-16 10:05:56 -05:00
committed by Jeffrey Altman
parent efeab17c03
commit 9d1bfab988
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/krb5/store-int.c
View File

@@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_get_int64(void *buffer, uint64_t *value, size_t size)
{
unsigned char *p = buffer;
unsigned long v = 0;
uint64_t v = 0;
size_t i;
for (i = 0; i < size; i++)
v = (v << 8) + p[i];