kdc: don't leak msg in pa_enc_chal_validate()

Move initialization of msg in pa_enc_chal_validate() to avoid leak on invalid
password.
Luke Howard
2021-12-17 13:41:55 +11:00
parent a423193ce0
commit e0929d16b7


@@ -681,7 +681,7 @@ pa_enc_chal_validate(astgs_request_t r,
r->cname); r->cname);
krb5_crypto_destroy(r->context, challengecrypto); krb5_crypto_destroy(r->context, challengecrypto);
if (ret) { if (ret) {
const char *msg = krb5_get_error_message(r->context, ret); const char *msg;
krb5_error_code ret2; krb5_error_code ret2;
char *str = NULL; char *str = NULL;
@@ -695,6 +695,7 @@ pa_enc_chal_validate(astgs_request_t r,
ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str); ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
if (ret2) if (ret2)
str = NULL; str = NULL;
msg = krb5_get_error_message(r->context, ret);
_kdc_r_log(r, 2, "Failed to decrypt ENC-CHAL -- %s " _kdc_r_log(r, 2, "Failed to decrypt ENC-CHAL -- %s "
"(enctype %s) error %s", "(enctype %s) error %s",
r->cname, str ? str : "unknown enctype", msg); r->cname, str ? str : "unknown enctype", msg);
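Review bot: `const char *msg;` is now left uninitialized at the top of the `if (ret)` block, and the lines between the two hunks, where the early exit presumably sits, are not visible here. Declaring it as `const char *msg = NULL;` would keep a cleanup call from receiving an indeterminate pointer if an exit path is ever added or reordered ahead of the assignment. The release of `msg` after `_kdc_r_log()` is also outside the hunk, so it is worth confirming that `krb5_free_error_message(r->context, msg)` still runs on every path that reaches the new assignment, and that `str` from `krb5_enctype_to_string()` is released as well. A short comment above the assignment, `/* fetch msg only once we know we will log it, so early exits cannot leak it */`, would record why the call sits below the early exit.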