pull up r24429 from trunk
author Tom Yu <tlyu@mit.edu>
Tue, 5 Oct 2010 22:32:34 +0000 (22:32 +0000)
committer Tom Yu <tlyu@mit.edu>
Tue, 5 Oct 2010 22:32:34 +0000 (22:32 +0000)
commit 315147a989c6fde20e09a69711fda1bc5cc5fcaa
tree 056845b89bd419763338ce37c8ea58a0ad797073
parent 5fdc034739bd98df01309d0aae930c594db58710
pull up r24429 from trunk

 ------------------------------------------------------------------------
 r24429 | tlyu | 2010-10-05 17:05:19 -0400 (Tue, 05 Oct 2010) | 14 lines

 ticket: 6797
 subject: CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)
 tags: pullup
 target_version: 1.8.4

 When the KDC receives certain TGS-REQ messages, it may dereference an
 uninitialized pointer while processing authorization data, causing a
 crash, or in rare cases, unauthorized information disclosure, ticket
 modification, or execution of arbitrary code.  The crash may be
 triggered by legitimate requests.

 Correctly implement the filtering of authorization data items to avoid
 leaving uninitialized pointers when omitting items.

ticket: 6797
status: resolved
version_fixed: 1.8.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24431 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/kdc_authdata.c
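
The commit message describes a filter that leaves uninitialized pointers when it omits items. The following is an added C illustration of one way that can happen and how a compacting output index avoids it; it is not the krb5 patch or code from this commit. The `item` struct, the `POISON` marker, the function names and the sample list are assumptions constructed for the example, and the source-indexed form is an assumed instance of the defect class, not a reading of the patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an authorization data item (not the krb5 type). */
struct item { int type; };
/* Marks slots never written; stands in for uninitialized heap contents. */
#define POISON ((struct item *)0x1)

/* Copy the NULL-terminated list `in`, omitting items of `skip_type`.
 * src_index != 0 shows the defect class: the destination is indexed by
 * the source position, so each omitted item leaves an unwritten slot. */
static struct item **filter_items(struct item **in, int skip_type, int src_index)
{
    size_t n = 0, i, j = 0;
    struct item **out;

    while (in[n] != NULL)
        n++;
    if ((out = malloc((n + 1) * sizeof(*out))) == NULL)
        return NULL;
    for (i = 0; i <= n; i++)
        out[i] = POISON;
    for (i = 0; i < n; i++) {
        if (in[i]->type == skip_type)
            continue;               /* omitted item */
        if (src_index)
            out[i] = in[i];         /* defect: hole left at the skipped index */
        else
            out[j++] = in[i];       /* fix: separate, compacting output index */
    }
    out[src_index ? n : j] = NULL;
    return out;
}

/* Filter a constructed list; count unwritten slots before the terminator. */
static size_t holes_after_filter(int src_index)
{
    struct item a = {1}, b = {99}, c = {2}, d = {99};   /* constructed sample */
    struct item *in[] = { &a, &b, &c, &d, NULL };
    struct item **out = filter_items(in, 99, src_index), **p;
    size_t holes = 0;
    for (p = out; p != NULL && *p != NULL; p++)
        holes += (*p == POISON);
    free(out);
    return holes;
}

int main(void)
{
    printf("%zu %zu\n", holes_after_filter(1), holes_after_filter(0));
    return 0;
}
```

Any consumer that walks the source-indexed result to its terminator dereferences the unwritten slots; the compacting form never exposes them.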