Attachment 238463 Details for Bug 268062 – heimdal: Fix bus fault when zero-length request received

[patch] heimdal: Fix bus fault when zero-length request received

0001-heimdal-Fix-bus-fault-when-zero-length-request-recei.patch (text/plain), 1.10 KB, created by Cy Schubert on 2022-12-01 00:32:43 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Cy Schubert

Created: 2022-12-01 00:32:43 UTC

Size: 1.10 KB

patch

obsolete

>From bd0a7494a19e8828870e310ff00007f79e9081ed Mon Sep 17 00:00:00 2001
>From: Cy Schubert <cy@FreeBSD.org>
>Date: Wed, 30 Nov 2022 16:11:18 -0800
>Subject: [PATCH] heimdal: Fix bus fault when zero-length request received
>
>Zero length client requests result in a bus fault when attempting to
>free malloc()ed pointers within the requests softc. Return an error
>when the request is zero length.
>
>PR:		268062
>Reported by:	Robert Morris <rtm@lcs.mit.edu>
>MFC after:	3 days
>---
> crypto/heimdal/lib/krb5/read_message.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
>index 4e9bd012dd67..e994b0f09133 100644
>--- a/crypto/heimdal/lib/krb5/read_message.c
>+++ b/crypto/heimdal/lib/krb5/read_message.c
>@@ -55,6 +55,11 @@ krb5_read_message (krb5_context context,
> 	return HEIM_ERR_EOF;
>     }
>     len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
>+    if (len == 0) {
>+	krb5_clear_error_message(context);
>+	return HEIM_ERR_EOF;
>+    }
>+
>     ret = krb5_data_alloc (data, len);
>     if (ret) {
> 	krb5_clear_error_message(context);
>-- 
>2.38.1
>

Actions: View | Diff

Attachments on bug 268062: 238427 | 238463