]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 771228a) | patch
Fix kadmind server validation [CVE-2014-9422]
authorGreg Hudson <ghudson@mit.edu>
Mon, 29 Dec 2014 18:27:42 +0000 (13:27 -0500)
committerTom Yu <tlyu@mit.edu>
Wed, 4 Feb 2015 22:21:42 +0000 (17:21 -0500)
commit5c78bb806338b0feb90f46459834310adf5be00f
treed6a254c24cd3cdd42812f5515199a61a133aae34tree | snapshot
parent771228aafa71f472578931b798c9e159a79d196ecommit | diff
Fix kadmind server validation [CVE-2014-9422]

[MITKRB5-SA-2015-001] In kadmind's check_rpcsec_auth(), use
data_eq_string() instead of strncmp() to check components of the
server principal, so that we don't erroneously match left substrings
of "kadmin", "history", or the realm.

(cherry picked from commit 6609658db0799053fbef0d7d0aa2f1fd68ef32d8)

ticket: 8069 (new)
version_fixed: 1.12.3
status: resolved
src/kadmin/server/kadm_rpc_svc.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git