git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Greg Hudson <ghudson@mit.edu>
	Fri, 27 Apr 2012 17:04:24 +0000 (17:04 +0000)
committer	Tom Yu <tlyu@mit.edu>
	Wed, 9 Jan 2013 21:34:14 +0000 (16:34 -0500)
commit	a79e78cdcfa70d48a9357bbe16a3323b899c8219
tree	5fa9ddd1b3a2912995a8887fa745ddf9b5499938	tree
parent	745c0194ee93318cf4d44f6f8ccb7739523d448e	commit \| diff

Ensure null termination of AFS salts

Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or
pa-afs3-salt value in pa_salt(). If it's an afs3-salt, we're going to
throw away the length and use strcspn in krb5int_des_string_to_key,
which isn't safe if the value is unterminated.

(cherry picked from commit f566fee75f2455d6e5e7ee4fcdf5a0d327808639)

ticket: 7537 (new)
version_fixed: 1.10.4
status: resolved

src/lib/krb5/krb/preauth2.c

diff | blob | blame | history

Mirror of https://github.com/krb5/krb5.git

RSS Atom