FreeBSD Bugzilla – Attachment 238303 Details for Bug 267912: kadmind dereferences NULL if client sends mangled realm message
[patch] Second of two proposed commits
0003-heimdal-Handle-other-types-of-garbage-data.patch (text/plain), 1.70 KB, created by Cy Schubert on 2022-11-24 16:31:17 UTC
>From 98b02a1bff2f8de11eef4ee45449b5f70860c052 Mon Sep 17 00:00:00 2001 >From: Cy Schubert <cy@FreeBSD.org> >Date: Thu, 24 Nov 2022 07:07:43 -0800 >Subject: [PATCH 3/3] heimdal: Handle other types of garbage data > >In addition to garbage realm data, als handle garbage dbname, acl_file, >stash_file, and invalid bitmask garbage data. > >PR: 267912 >Reported by: Robert Morris <rtm@lcs.mit.edu> >MFC after: 3 days >--- > crypto/heimdal/lib/kadm5/marshall.c | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > >diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c >index 38b9855021b2..fa7388b692fe 100644 >--- a/crypto/heimdal/lib/kadm5/marshall.c >+++ b/crypto/heimdal/lib/kadm5/marshall.c >@@ -333,12 +333,38 @@ _kadm5_unmarshal_params(krb5_context context, > ret = krb5_ret_int32(sp, &mask); > if (ret) > goto out; >+ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME >+ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { >+ ret = EINVAL; >+ goto out; >+ } > params->mask = mask; > > if (params->mask & KADM5_CONFIG_REALM) { > ret = krb5_ret_string(sp, ¶ms->realm); > if (params->realm == NULL) { > ret = EINVAL; >+ goto out; >+ } >+ } >+ if (params->mask & KADM5_CONFIG_DBNAME) { >+ ret = krb5_ret_string(sp, ¶ms->dbname); >+ if (params->dbname == NULL) { >+ ret = EINVAL; >+ goto out; >+ } >+ } >+ if (params->mask & KADM5_CONFIG_ACL_FILE) { >+ ret = krb5_ret_string(sp, ¶ms->acl_file); >+ if (params->acl_file == NULL) { >+ ret = EINVAL; >+ goto out; >+ } >+ } >+ if (params->mask & KADM5_CONFIG_STASH_FILE) { >+ ret = krb5_ret_string(sp, ¶ms->stash_file); >+ if (params->stash_file == NULL) { >+ ret = EINVAL; > } > } > out: >-- >2.38.1 >
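Review bot: The new mask test at the top of the hunk can never be true if the KADM5_CONFIG_* values are distinct flag bits, which the per-flag tests right below it (params->mask & KADM5_CONFIG_REALM and so on) imply: ANDing the four constants together gives 0, so mask & 0 is 0 and the EINVAL branch is dead code. If the intent is to reject a mask carrying bits other than these four, test mask & ~(KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_STASH_FILE) instead. Separately, each string block assigns ret from krb5_ret_string() and then only looks at the pointer, so a real error code is replaced by EINVAL when the pointer is NULL, and when the pointer is not NULL a non-zero ret is ignored and parsing continues into the next field, where ret can be overwritten. Checking ret first (if (ret) goto out;) before the NULL test would keep the original error and stop at the first bad field. The stash_file block also lacks the goto out that the other three have; it works only because out: follows immediately, and adding it would keep the blocks uniform if more fields are appended later.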
Attachments on bug 267912: 238235 | 238301 | 238303 | 238305