projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 99f4ad4)
pull up r24056 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 19 May 2010 18:52:54 +0000 (18:52 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 19 May 2010 18:52:54 +0000 (18:52 +0000)
 ------------------------------------------------------------------------
 r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines

 ticket: 6725
 subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
 tags: pullup
 target_version: 1.8.2

 Make krb5_gss_accept_sec_context() check for a null authenticator
 checksum pointer before attempting to dereference it.

ticket: 6725
version_fixed: 1.8.2
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24063 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/accept_sec_context.c patch | blob | history

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index ce3075fadd00d7eb0a097b10e2c39ed982751959..624105533d307022be9083bf37f7ef80e50519ab 100644 (file)
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
     }
 #endif
 
+    if (authdat->checksum == NULL) {
+        /* missing checksum counts as "inappropriate type" */
+        code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
     if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
         /* Samba does not send 0x8003 GSS-API checksums */
         krb5_boolean valid;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.