projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ff8ddf6) | patch
pull up r23533 from trunk
authorTom Yu <tlyu@mit.edu>
Tue, 29 Dec 2009 02:56:46 +0000 (02:56 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 29 Dec 2009 02:56:46 +0000 (02:56 +0000)
commit6419f49ecd068cb116d1ebe6010ac03f22aa9f83
tree12208505e4da020836d72556a862628f82a652bftree | snapshot
parentff8ddf6d1009e66062cea1a59c420e29303b7518commit | diff
pull up r23533 from trunk

 ------------------------------------------------------------------------
 r23533 | tlyu | 2009-12-28 21:42:51 -0500 (Mon, 28 Dec 2009) | 10 lines

 ticket: 6608
 subject: MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals
 tags: pullup
 target_version: 1.7.1

 On certain error conditions, prep_reprocess_req() calls kdc_err() with
 a null pointer as the format string, causing a null dereference and
 denial of service.  Legitimate protocol requests can trigger this
 problem.

ticket: 6608
version_fixed: 1.7.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23534 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/do_tgs_req.c diff | blob | history
src/lib/kadm5/logger.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.