FreeBSD Bugzilla – Attachment 238463 Details for
Bug 268062
zero-length client request causes kadmind to use pointers in freed memory
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
heimdal: Fix bus fault when zero-length request received
0001-heimdal-Fix-bus-fault-when-zero-length-request-recei.patch (text/plain), 1.10 KB, created by
Cy Schubert
on 2022-12-01 00:32:43 UTC
(
hide
)
Description:
heimdal: Fix bus fault when zero-length request received
Filename:
MIME Type:
Creator:
Cy Schubert
Created:
2022-12-01 00:32:43 UTC
Size:
1.10 KB
patch
obsolete
>From bd0a7494a19e8828870e310ff00007f79e9081ed Mon Sep 17 00:00:00 2001 >From: Cy Schubert <cy@FreeBSD.org> >Date: Wed, 30 Nov 2022 16:11:18 -0800 >Subject: [PATCH] heimdal: Fix bus fault when zero-length request received > >Zero length client requests result in a bus fault when attempting to >free malloc()ed pointers within the requests softc. Return an error >when the request is zero length. > >PR: 268062 >Reported by: Robert Morris <rtm@lcs.mit.edu> >MFC after: 3 days >--- > crypto/heimdal/lib/krb5/read_message.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c >index 4e9bd012dd67..e994b0f09133 100644 >--- a/crypto/heimdal/lib/krb5/read_message.c >+++ b/crypto/heimdal/lib/krb5/read_message.c >@@ -55,6 +55,11 @@ krb5_read_message (krb5_context context, > return HEIM_ERR_EOF; > } > len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; >+ if (len == 0) { >+ krb5_clear_error_message(context); >+ return HEIM_ERR_EOF; >+ } >+ > ret = krb5_data_alloc (data, len); > if (ret) { > krb5_clear_error_message(context); >-- >2.38.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 268062
:
238427
| 238463