projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04e2434) | patch
CVE-2009-0845 SPNEGO can dereference a null pointer
authorTom Yu <tlyu@mit.edu>
Fri, 13 Mar 2009 21:16:14 +0000 (21:16 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 13 Mar 2009 21:16:14 +0000 (21:16 +0000)
commit4fa89fc784b87b22bb551e9a8dc754cb2392d732
treeeebd37c0f30fa321c738d8703f33d89f1844f82atree | snapshot
parent04e24348bf820b0eb73c10e41549f83aab04979bcommit | diff
CVE-2009-0845 SPNEGO can dereference a null pointer

acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure.  This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().

ticket: 6417
tags: pullup
target_version: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22084 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/spnego/spnego_mech.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.