]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dc6930b) | patch
Improve checking of decoded DB2 principal values 522/head
authorGreg Hudson <ghudson@mit.edu>
Tue, 23 Aug 2016 17:41:00 +0000 (13:41 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 29 Aug 2016 16:30:24 +0000 (12:30 -0400)
commite3d9f03a658e247dbb43cb345aa93a28782fd995
tree31409ccfe0c50f59157b10444b4f84f94c96bb1btree
parentdc6930bd0b606d363f5696c48310f0919d6a29accommit | diff
Improve checking of decoded DB2 principal values

In krb5_decode_princ_entry(), verify the length of the principal name
before calling krb5_parse_name() or strlen(), to avoid a possible
buffer read overrun.  Check all length fields for negative values.
Avoid performing arithmetic as part of bounds checks.  If the value of
key_data_ver is unexpected, return KRB5_KDB_BAD_VERSION instead of
aborting.

ticket: 8481 (new)
target_version: 1.14-next
target_version: 1.13-next
src/plugins/kdb/db2/kdb_xdr.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git