kdc: Fix NULL pointer dereference on failure to verify armor ticket PAC
r->client_princ and r->server_princ are only set in the AS-REQ case, but we perform the PAC check in the TGS-REQ case, so calling krb5_unparse_name() will dereference a NULL pointer. Instead, use r->cname and r->sname. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
committed by
Luke Howard
Luke Howard
parent
2670599efa
commit
b16f93240e
11
kdc/fast.c
11
kdc/fast.c
@@ -851,21 +851,12 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
|
|||||||
&r->armor_ticket->ticket, &ad_kdc_issued, &mspac);
|
&r->armor_ticket->ticket, &ad_kdc_issued, &mspac);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
const char *msg = krb5_get_error_message(r->context, ret);
|
const char *msg = krb5_get_error_message(r->context, ret);
|
||||||
char *client_princ_name = NULL;
|
|
||||||
char *server_princ_name = NULL;
|
|
||||||
|
|
||||||
krb5_unparse_name(r->context, r->client_princ, &client_princ_name);
|
|
||||||
krb5_unparse_name(r->context, r->server_princ, &server_princ_name);
|
|
||||||
|
|
||||||
kdc_log(r->context, r->config, 4,
|
kdc_log(r->context, r->config, 4,
|
||||||
"Verify armor PAC (%s) failed for %s (%s) from %s with %s (%s)",
|
"Verify armor PAC (%s) failed for %s (%s) from %s with %s (%s)",
|
||||||
armor_client_principal_name,
|
armor_client_principal_name, r->cname, r->sname,
|
||||||
server_princ_name ? server_princ_name : "<unknown>",
|
|
||||||
client_princ_name ? client_princ_name : "<unknown>",
|
|
||||||
r->from, msg, mspac ? "Ticket unsigned" : "No PAC");
|
r->from, msg, mspac ? "Ticket unsigned" : "No PAC");
|
||||||
|
|
||||||
krb5_xfree(server_princ_name);
|
|
||||||
krb5_xfree(client_princ_name);
|
|
||||||
krb5_free_error_message(r->context, msg);
|
krb5_free_error_message(r->context, msg);
|
||||||
|
|
||||||
if (ad_kdc_issued == FALSE || mspac == NULL)
|
if (ad_kdc_issued == FALSE || mspac == NULL)
|
||||||
|
|||||||
Reference in New Issue
Block a user