Nicolas Williams 7a19658c1f spnego: Fix NULL deref ...

Reported to Heimdal by Michał Kępień <michal@isc.org>.

From the report:

Acknowledgement
---------------

This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day
Initiative.

2021-11-11 22:41:13 -06:00

..

accept_sec_context.c

spnego: Fix NULL deref

2021-11-11 22:41:13 -06:00

compat.c

Properly implement neg_mechs & GM_USE_MG_CRED

2020-04-21 00:21:32 -05:00

context_storage.c

gss: don't include mech_locl.h in spnego

2021-08-11 19:12:11 +10:00

context_stubs.c

gss: _gss_spnego_set_sec_context_option return

2021-10-11 14:57:09 +11:00

external.c

Add stub for gss_acquire_cred_impersonate_name().

2021-10-19 20:45:40 +11:00

init_sec_context.c

gss: pass mechanism error tokens through SPNEGO

2020-04-24 15:07:55 +10:00

negoex_ctx.c

gss: allow partial accept context export in SPNEGO

2021-08-07 18:56:33 +10:00

negoex_err.et

gss: port NegoEx implementation from MIT

2020-02-04 17:28:35 +11:00

negoex_locl.h

gss: port NegoEx implementation from MIT

2020-02-04 17:28:35 +11:00

negoex_util.c

gss: allow partial accept context export in SPNEGO

2021-08-07 18:56:33 +10:00

spnego_locl.h

gss: allow partial accept context export in SPNEGO

2021-08-07 18:56:33 +10:00

spnego.asn1

gss: harmonize negState with RFC 4178

2020-02-04 17:28:35 +11:00

spnego.opt

add missing file

2009-02-16 19:14:30 +00:00