]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fbb687d) | patch
Length check when parsing GSS token encapsulation 710/head
authorGreg Hudson <ghudson@mit.edu>
Sat, 11 Nov 2017 18:42:28 +0000 (13:42 -0500)
committerGreg Hudson <ghudson@mit.edu>
Tue, 21 Nov 2017 18:10:45 +0000 (13:10 -0500)
commitf949e990f930f48df1f108fe311c58ae3da18b24
treea6cf52fd53c421140d4c07c71364688f1daa6fdftree
parentfbb687db1088ddd894d975996e5f6a4252b9a2b4commit | diff
Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

ticket: 8620 (new)
target_version: 1.16
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
src/lib/gssapi/mechglue/g_glue.c diff | blob | blame | history
src/tests/gssapi/t_invalid.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git