git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Fri, 8 Jan 2016 18:16:54 +0000 (13:16 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 27 Jan 2016 20:43:28 +0000 (15:43 -0500)
commit	83ed75feba32e46f736fcce0d96a0445f29b96c2
tree	cf2417532ea60d3a18aacec444e671caa648a542	tree \| snapshot
parent	b863de7fbf080b15e347a736fdda0a82d42f4f6b	commit \| diff

Fix leaks in kadmin server stubs [CVE-2015-8631]

In each kadmind server stub, initialize the client_name and
server_name variables, and release them in the cleanup handler.  Many
of the stubs will otherwise leak the client and server name if
krb5_unparse_name() fails.  Also make sure to free the prime_arg
variables in rename_principal_2_svc(), or we can leak the first one if
unparsing the second one fails.  Discovered by Simo Sorce.

CVE-2015-8631:

In all versions of MIT krb5, an authenticated attacker can cause
kadmind to leak memory by supplying a null principal name in a request
which uses one.  Repeating these requests will eventually cause
kadmind to exhaust all available memory.

    CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

ticket: 8343 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup