From: Tom Yu Date: Wed, 19 May 2010 18:09:37 +0000 (+0000) Subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005) X-Git-Tag: krb5-1.9-beta1~225 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=3d19e28dc97bb871cef0793e2cf4cf2a70aca239;p=krb5.git CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005) Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it. ticket: 6725 tags: pullup target_version: 1.8.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24056 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 2d7064690..e3ec8224b 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -640,6 +640,13 @@ kg_accept_krb5(minor_status, context_handle, } #endif + if (authdat->checksum == NULL) { + /* missing checksum counts as "inappropriate type" */ + code = KRB5KRB_AP_ERR_INAPP_CKSUM; + major_status = GSS_S_FAILURE; + goto fail; + } + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { /* Samba does not send 0x8003 GSS-API checksums */ krb5_boolean valid;