git.ipfire.org Git - thirdparty/krb5.git/commit

author	Richard Basch <basch@alum.mit.edu>
	Tue, 29 May 2012 18:07:03 +0000 (14:07 -0400)
committer	Tom Yu <tlyu@mit.edu>
	Tue, 29 May 2012 20:16:00 +0000 (16:16 -0400)
commit	ca2909440015d33be42e77d1955194963d8c0955
tree	71d4e483b130a219149a7865748b5ceb14a448e5	tree
parent	3707cc9745ee895e9691519c02925010056fec01	commit \| diff

Null pointer deref in kadmind [CVE-2012-1013]

The fix for #6626 could cause kadmind to dereference a null pointer if
a create-principal request contains no password but does contain the
KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix
name"). Only clients authorized to create principals can trigger the
bug. Fix the bug by testing for a null password in check_1_6_dummy.

CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C

[ghudson@mit.edu: Minor style change and commit message]

(cherry picked from commit c5be6209311d4a8f10fda37d0d3f876c1b33b77b)

ticket: 7152
version_fixed: 1.10.2
status: resolved