]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0743a49) | patch
Length check when parsing GSS token encapsulation
authorGreg Hudson <ghudson@mit.edu>
Sat, 11 Nov 2017 18:42:28 +0000 (13:42 -0500)
committerGreg Hudson <ghudson@mit.edu>
Wed, 22 Nov 2017 16:26:13 +0000 (11:26 -0500)
commit674ae7b9c013ef9d433345ce93d6fe37e3febda0
tree13a9e8773020fdc0201f4f9671ab5474c4e61871tree
parent0743a4945fa49df210262958778c7daec3a9b851commit | diff
Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

ticket: 8620
version_fixed: 1.15.3
src/lib/gssapi/mechglue/g_glue.c diff | blob | blame | history
src/tests/gssapi/t_invalid.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git