mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-07 00:50:50 +00:00
heimdal: Fix NULL dereference when mangled realm message
Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> MFC after: 3 days
This commit is contained in:
parent
d7e8666ffb
commit
05bc50bdb1
|
@ -516,7 +516,9 @@ handle_v5(krb5_context contextp,
|
|||
ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms);
|
||||
if(ret)
|
||||
krb5_err(contextp, 1, ret, "krb5_read_priv_message");
|
||||
_kadm5_unmarshal_params(contextp, ¶ms, &realm_params);
|
||||
ret = _kadm5_unmarshal_params(contextp, ¶ms, &realm_params);
|
||||
if(ret)
|
||||
krb5_err(contextp, 1, ret, "Could not read or parse kadm5 parameters");
|
||||
}
|
||||
|
||||
initial = ticket->ticket.flags.initial;
|
||||
|
|
|
@ -335,8 +335,12 @@ _kadm5_unmarshal_params(krb5_context context,
|
|||
goto out;
|
||||
params->mask = mask;
|
||||
|
||||
if(params->mask & KADM5_CONFIG_REALM)
|
||||
if (params->mask & KADM5_CONFIG_REALM) {
|
||||
ret = krb5_ret_string(sp, ¶ms->realm);
|
||||
if (params->realm == NULL) {
|
||||
ret = EINVAL;
|
||||
}
|
||||
}
|
||||
out:
|
||||
krb5_storage_free(sp);
|
||||
|
||||
|
|
Loading…
Reference in a new issue