From 03d3e67fc1fb2d3542075bfaa343fce46bbdb852 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 19 May 2010 21:23:18 +0000
Subject: [PATCH] CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)

pull up r24056 from trunk ------------------------------------------------------------------------ r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines ticket: 6725 subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005) tags: pullup target_version: 1.8.2 Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it. ticket: 6729 target_version: 1.7.2 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24067 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/accept_sec_context.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index dd17c044b..bfeca088f 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -561,6 +561,13 @@ kg_accept_krb5(minor_status, context_handle,
 }
 #endif
 
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
 if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
 /* Samba does not send 0x8003 GSS-API checksums */
 krb5_boolean valid;
-- 
2.26.2
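Review bot: The comment inside the new `if (authdat->checksum == NULL)` guard records the error mapping but not why the pointer can be NULL, which is what a later maintainer needs in order to keep the check in place. I would widen it to `/* cksum is OPTIONAL in the Authenticator (RFC 4120), so a peer's AP-REQ may omit it; treat a missing checksum as "inappropriate type" */`. The guard covers only this dereference site, and `kg_accept_krb5` starts and ends outside the hunk, so it is worth confirming that the `fail:` path it jumps to releases `authdat` and that nothing earlier in the function reads `authdat->checksum`. A regression test that drives the acceptor with a checksum-less authenticator and expects `GSS_S_FAILURE` would keep the fix from regressing.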